Forum Discussion
CVE-2023-4966: Citrix NetScaler ADC and NetScaler Gateway...
On October 10, Citrix published a security bulletin (CTX579459) that addressed a critical severity information disclosure vulnerability in Netscaler ADC (formerly known as Citrix ADC) and Netscaler Gateway (formerly known as Citrix Gateway).
On October 17, Mandiant released a blog post and remediation guidance document where they noted that exploitation of a zero-day vulnerability, later identified as CVE-2023-4966, was observed in late August.
CVE-2023-4966 is an information disclosure vulnerability in NetScaler ADC and NetScaler Gateway. When configured as a gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server, an unauthenticated attacker could exploit the device in order to hijack an existing authenticated session. Depending on the permissions of the account they have hijacked, this could allow the attacker to gain additional access within a target environment and collect other account credentials. Successful exploitation allows the attacker to bypass multifactor authentication (MFA) requirements.
For more information about this vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.
