SUBJECT: CVE-2023-4966 Citrix NetScaler ADC and Gateway Vulnerability (Citrix Bleed)
TECH STACK: Citrix NetScaler ADC and NetScaler Gateway Appliances
DATE(S) ISSUED: First issued on Oct. 10, 2023, with subsequent updates
CRITICALITY: HIGH
OVERVIEW:
CVE-2023-4966, known as Citrix Bleed, is a critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway. It involves a buffer overflow vulnerability that can lead to sensitive information disclosure when configured as a Gateway or AAA virtual server. This vulnerability has been actively exploited, allowing cyber actors to potentially take control of affected systems.
NIST Description:
The vulnerability allows a cyber actor to bypass Multi-Factor Authentication (MFA) and hijack legitimate user sessions, posing a significant security risk. Threat actors, including LockBit 3.0 ransomware affiliates, have been observed exploiting this vulnerability.
THREAT INTELLIGENCE:
As of October 18, 2023, CISA has added CVE-2023-4966 to its Known Exploited Vulnerabilities Catalog, citing active, targeted exploitation of the vulnerability. This vulnerability is a critical concern for organizations using Citrix NetScaler ADC and NetScaler Gateway appliances.
SOLUTION:
To mitigate this vulnerability, Citrix has released several security updates. Organizations are urged to update their appliances to the following versions:
NetScaler ADC and NetScaler Gateway 14.1-8.50 and later
NetScaler ADC and NetScaler Gateway 13.1-49.15 and later of 13.1
NetScaler ADC and NetScaler Gateway 13.0-92.19 and later of 13.0
NetScaler ADC 13.1-FIPS 13.1-37.164 and later of 13.1-FIPS
NetScaler ADC 12.1-FIPS 12.1-55.300 and later of 12.1-FIPS
NetScaler ADC 12.1-NDcPP 12.1-55.300 and later of 12.1-NDcPP
