CVE-2023-4966
Published: 10 October 2023
Summary
CVE-2023-4966 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Citrix NetScaler Application Delivery Controller. Its CVSS base score is 9.4 (Critical).
Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AU-13 (Monitoring for Information Disclosure).
Deeper analysis
CVE-2023-4966 is a sensitive information disclosure vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway appliances when configured as a Gateway (including VPN virtual server, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server. The flaw, tracked under CWE-119, carries a CVSS 3.1 score of 9.4 and permits exposure of sensitive session data without requiring authentication or user interaction.
Unauthenticated remote attackers can exploit the issue over the network to leak session tokens and other sensitive information, enabling session hijacking and subsequent unauthorized access with impacts to confidentiality, integrity, and availability. Public proof-of-concept code has been released that demonstrates token leakage against vulnerable instances.
Citrix advisory CTX579459 details the affected versions and provides remediation guidance, while CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming in-the-wild exploitation. The associated EPSS score has reached a peak of 0.9717 with a current value of 0.9435, indicating sustained and substantial exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-54802
Vulnerability details
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
- CWE(s)
- KEV Date Added: 18 October 2023
Mitigating Controls (NIST 800-53 r5)
- Enforces access control policies on the NetScaler gateway/AAA virtual servers to block unauthenticated retrieval of sensitive session tokens.
- Applies boundary protection mechanisms that restrict external network access to the vulnerable VPN/AAA interfaces and limit exposure of the information disclosure flaw.
- Directly monitors for unauthorized information disclosure attempts against the NetScaler services, enabling detection of session-token leakage.