Main Vulnerability Database Vulnerabilities #VU81926

#VU81926 Buffer overflow in Citrix Netscaler ADC and Citrix NetScaler Gateway - CVE-2023-4966

Published: October 11, 2023 / Updated: February 25, 2025

Vulnerability identifier: #VU81926

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2023-4966

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Citrix Netscaler ADC
Citrix NetScaler Gateway

Software vendor:
Citrix

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote non-authenticated attacker can send specially crafted data to the device, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as AAAvirtualserver.

Note, the vulnerability is being actively exploited in the wild since August 2023.

Remediation

Install updates from vendor's website.

For FIPS releases install the following versions:

NetScaler ADC 13.1-FIPS version 13.1-37.164
NetScaler ADC 12.1-FIPS version 12.1-55.300
NetScaler ADC 12.1-NDcPP version 12.1-55.300

#VU81926 Buffer overflow in Citrix Netscaler ADC and Citrix NetScaler Gateway - CVE-2023-4966

Description

Remediation

External links

Please verify you're human