Published on: 11 October 2023
Citrix released a security advisory to address multiple vulnerabilities in Citrix NetScaler ADC and Citrix NetScaler Gateway. An attacker could exploit these vulnerabilities by sending specially crafted requests to an affected system.
Reports indicate that proof-of-concept (PoC) code for the information disclosure vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Citrix NetScaler Gateway is publicly available. System administrators are advised to take immediate action to patch their affected systems to mitigate the elevated risk of cyber attacks.
Please note that Citrix NetScaler ADC and Citrix NetScaler Gateway version 12.1 has reached End-Of-Life (EOL). As version 12.1 is vulnerable with no security updates provided, system administrators should arrange to upgrade the NetScaler ADC and NetScaler Gateway to supported versions or migrate to other supported technology.
Depending on the vulnerability being exploited, successful exploitation could lead to denial of service or information disclosure on an affected system.
Software updates for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.