Mitigation Instructions for CVE-2023-4966 Citrix Bleed

Written by CyRisk Vulnerability Management Team | Nov 29, 2023 9:05:18 PM

SUBJECT: CVE-2023-4966 Citrix NetScaler ADC and Gateway Vulnerability (Citrix Bleed)

TECH STACK: Citrix NetScaler ADC and NetScaler Gateway Appliances

DATE(S) ISSUED: First issued on Oct. 10, 2023, with subsequent updates

CRITICALITY: HIGH

OVERVIEW:

CVE-2023-4966, known as Citrix Bleed, is a critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway. It is a buffer overflow that can lead to sensitive information disclosure when the appliance is configured as a Gateway or AAA virtual server. The vulnerability has been actively exploited, potentially allowing cyber actors to take control of affected systems.

NIST Description:

The vulnerability allows a cyber actor to bypass Multi-Factor Authentication (MFA) and hijack legitimate user sessions, posing a significant security risk. Threat actors, including LockBit 3.0 ransomware affiliates, have been observed exploiting this vulnerability.

THREAT INTELLIGENCE:

As of October 18, 2023, CISA has added CVE-2023-4966 to its Known Exploited Vulnerabilities Catalog, citing active, targeted exploitation of the vulnerability. This vulnerability is a critical concern for organizations using Citrix NetScaler ADC and NetScaler Gateway appliances.

SOLUTION:

To mitigate this vulnerability, Citrix has released several security updates. Organizations are urged to update their appliances to the following versions:

  • NetScaler ADC and NetScaler Gateway 14.1-8.50 and later
  • NetScaler ADC and NetScaler Gateway 13.1-49.15 and later of 13.1
  • NetScaler ADC and NetScaler Gateway 13.0-92.19 and later of 13.0
  • NetScaler ADC 13.1-FIPS 13.1-37.164 and later of 13.1-FIPS
  • NetScaler ADC 12.1-FIPS 12.1-55.300 and later of 12.1-FIPS
  • NetScaler ADC 12.1-NDcPP 12.1-55.300 and later of 12.1-NDcPP
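
To check an appliance inventory against the fixed builds listed above, the following added example (not code from CyRisk or Citrix) compares each appliance's release and build numerically within its own branch. The hostnames and inventory rows are constructed, the `NS13.0: Build 92.19.nc` banner form is an assumed input format, and the edition (standard, FIPS, NDcPP) is assumed to be supplied by the operator.

```python
import re

# Minimum fixed build per (release, edition), from the SOLUTION list above.
FIXED = {
    ("14.1", "standard"): (8, 50),
    ("13.1", "standard"): (49, 15),
    ("13.0", "standard"): (92, 19),
    ("13.1", "FIPS"): (37, 164),
    ("12.1", "FIPS"): (55, 300),
    ("12.1", "NDcPP"): (55, 300),
}

# Accepts "13.1-49.15" or a banner such as "NS13.1: Build 49.15.nc"
# (the banner form is an assumption about the appliance's version output).
VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)")


def check_build(version, edition="standard"):
    """Return 'fixed', 'needs-update' or 'unlisted' for one appliance."""
    m = VERSION_RE.search(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release, build = m.group(1), (int(m.group(2)), int(m.group(3)))
    minimum = FIXED.get((release, edition))
    if minimum is None:
        return "unlisted"  # branch not in the list above: check the vendor bulletin
    # Compare as integer tuples; as text, "8.50" would sort above "49.15".
    return "fixed" if build >= minimum else "needs-update"


# Constructed inventory rows: (hostname, version string, edition).
INVENTORY = [
    ("gw-edge-01", "13.1-49.15", "standard"),
    ("gw-edge-02", "NS13.0: Build 92.19.nc, Date: (constructed)", "standard"),
    ("gw-dmz-01", "14.1-4.42", "standard"),
    ("adc-fips-01", "13.1-37.164", "FIPS"),
    ("adc-old-01", "12.1-65.21", "standard"),
]


def audit(inventory):
    """Map each hostname to its patch status."""
    return {host: check_build(ver, ed) for host, ver, ed in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:12} {status}")
```

Build 13.1-37.164 is fixed only on the 13.1-FIPS branch; the same number on standard 13.1 is below 13.1-49.15, which is why the edition has to be part of the comparison.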

For additional support, please reach out to us at support@cyrisk.com.