Critical Security Alert: Immediate Action Required for NetScaler ADC and NetScaler Gateway Due to Severe Vulnerabilities


Introduction

Citrix has issued an urgent security bulletin concerning multiple critical vulnerabilities in NetScaler ADC and NetScaler Gateway. If you are using affected versions of these products, immediate action is imperative to safeguard your network and data.

The Vulnerabilities at a Glance

Two vulnerabilities have been identified, one rated critical and one rated high:

  • CVE-2023-4966: Sensitive Information Disclosure
    • Severity: Critical, CVSS score of 9.4
    • Configuration: The appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.
  • CVE-2023-4967: Denial of Service
    • Severity: High, CVSS score of 8.2
    • Configuration: Same precondition as CVE-2023-4966; the appliance must be configured as a Gateway or as an AAA virtual server.

Affected Versions

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
  • NetScaler ADC 13.1-FIPS before 13.1-37.164
  • NetScaler ADC 12.1-FIPS before 12.1-55.300
  • NetScaler ADC 12.1-NDcPP before 12.1-55.300

Note: The mainline 12.1 release (non-FIPS, non-NDcPP) is End-of-Life (EOL); it is vulnerable and will not receive a fixed build, so it must be migrated to a supported release.
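To turn the version table above into a repeatable check, the following added example (not part of the original article or any Citrix tooling) parses the first line of the NetScaler CLI command `show ns version` and compares the build number against the first fixed build for that release line. The sample output lines are constructed for illustration, and the `edition` argument ("std", "fips" or "ndcpp") is an assumption of this example: the operator supplies it because the version string alone does not reliably distinguish the FIPS/NDcPP lines from the mainline build.

```python
import re
from typing import Optional, Tuple

# First fixed build for each release line, as listed in the Citrix bulletin above.
# Key: (release line, edition). Editions: "std" (mainline ADC/Gateway), "fips", "ndcpp".
FIXED_BUILDS = {
    ("14.1", "std"):   (8, 50),
    ("13.1", "std"):   (49, 15),
    ("13.0", "std"):   (92, 19),
    ("13.1", "fips"):  (37, 164),
    ("12.1", "fips"):  (55, 300),
    ("12.1", "ndcpp"): (55, 300),
}

# Matches the first line of `show ns version`, e.g.
#   NetScaler NS13.1: Build 49.13.nc, Date: Oct 3 2023, 10:48:36   (64-bit)
VERSION_RE = re.compile(
    r"NetScaler\s+NS(?P<release>\d+\.\d+):\s+Build\s+(?P<build>\d+\.\d+)",
    re.IGNORECASE,
)


def parse_ns_version(output: str) -> Tuple[str, Tuple[int, int]]:
    """Return (release line, (build major, build minor)) from `show ns version` output."""
    m = VERSION_RE.search(output)
    if not m:
        raise ValueError("no NetScaler version string found")
    major, minor = m.group("build").split(".")
    return m.group("release"), (int(major), int(minor))


def assess(output: str, edition: str = "std") -> Tuple[Optional[bool], str]:
    """Decide whether a build is affected by CVE-2023-4966 / CVE-2023-4967.

    Returns (affected, reason). `affected` is True/False, or None when the
    release/edition pair is not in the bulletin's table and needs a manual check.
    `edition` is operator-supplied (assumption of this example, see lead-in).
    """
    release, build = parse_ns_version(output)
    shown = f"{release} build {build[0]}.{build[1]}"
    if (release, edition) in FIXED_BUILDS:
        fixed = FIXED_BUILDS[(release, edition)]
        fixed_str = f"{fixed[0]}.{fixed[1]}"
        # Builds are compared numerically as (major, minor) tuples.
        if build < fixed:
            return True, f"{shown} is below fixed build {fixed_str}"
        return False, f"{shown} is at or above fixed build {fixed_str}"
    if release == "12.1" and edition == "std":
        # Per the bulletin, mainline 12.1 is EOL and vulnerable; there is no fixed build.
        return True, f"{shown} is end-of-life and vulnerable; migrate to a supported release"
    return None, f"{shown} ({edition}) is not in the bulletin's table; verify against the vendor advisory"


# Constructed sample output lines (not captured from a real appliance).
SAMPLES = [
    ("NetScaler NS13.1: Build 49.13.nc, Date: Oct 3 2023, 10:48:36   (64-bit)", "std"),
    ("NetScaler NS13.1: Build 49.15.nc, Date: Oct 10 2023, 09:00:00   (64-bit)", "std"),
    ("NetScaler NS12.1: Build 65.39.nc, Date: Jun 1 2023, 12:00:00   (64-bit)", "std"),
    ("NetScaler NS13.1: Build 37.159.nc, Date: Aug 1 2023, 12:00:00   (64-bit)", "fips"),
]

if __name__ == "__main__":
    for line, edition in SAMPLES:
        affected, reason = assess(line, edition)
        verdict = {True: "AFFECTED", False: "fixed", None: "UNKNOWN"}[affected]
        print(f"{verdict:9} {reason}")
```

Run it against the real output of `show ns version` from each appliance (or each VPX instance on SDX); a result of None means the release/edition pair is outside the table on this page and should be checked directly against the vendor bulletin rather than assumed safe.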

Understanding the Risks

Both vulnerabilities are buffer-related and can be exploited by an unauthenticated remote attacker. CVE-2023-4966 allows unauthorized disclosure of memory contents, including valid session tokens, and therefore session hijacking; CVE-2023-4967 can cause a denial of service.

Exploitation does not require sophisticated skills, and the impact is highly concerning. The Cybersecurity and Infrastructure Security Agency (CISA) has already added CVE-2023-4966 to its Known Exploited Vulnerabilities (KEV) Catalog [1].

Recommended Actions

It’s crucial to act now. If you’re running any of the affected builds listed above, update immediately by installing the recommended builds [2]. Once the upgrade has completed, terminate all active and persistent sessions using the following commands [3]; this step matters because session tokens leaked before the patch remain valid until the sessions holding them are cleared:

kill icaconnection -all
kill rdp connection -all
kill pcoipConnection -all
kill aaa session -all
clear lb persistentSessions

Note: Ensure the formatting (spacing and case) remains intact when you copy and paste these commands into the NetScaler CLI.

For NetScaler ADC or NetScaler Gateway instances running on SDX hardware, upgrade each VPX instance; the underlying SDX platform itself is not affected.

No Room for Complacency

There are no workarounds or mitigations available beyond upgrading to a build that addresses these vulnerabilities. Reports have confirmed incidents consistent with session hijacking [4] and targeted attacks exploiting CVE-2023-4966. If you’re delaying updates, you’re risking unauthorized data disclosure and session hijacking of authenticated users.

Conclusion

These vulnerabilities are not to be taken lightly. NetScaler ADC and NetScaler Gateway are integral components in many network architectures. Failure to address these vulnerabilities promptly could have severe repercussions, including data breaches and service disruptions.

Don’t wait. Update now and ensure you’re protected against these severe vulnerabilities.

  [1] https://www.bleepingcomputer.com/news/security/citrix-warns-admins-to-patch-netscaler-cve-2023-4966-bug-immediately/
  [2] https://docs.netscaler.com/en-us/citrix-adc-secure-deployment.html
  [3] https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/
  [4] https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
Reza Rafati https://cyberwarzone.com

Reza Rafati, based in the Netherlands, is the founder of Cyberwarzone.com. An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.
