Vulnerability Details CVE-2023-4966
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.944
EPSS Ranking 100.0%
CVSS Severity
CVSS v3 Score 9.4
Proposed Action
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Ransomware Campaign
Known
Products affected by CVE-2023-4966
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1-55.297
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0-91.13
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.159
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-49.13
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1
- cpe:2.3:a:citrix:netscaler_gateway:13.0
- cpe:2.3:a:citrix:netscaler_gateway:13.0-91.13
- cpe:2.3:a:citrix:netscaler_gateway:13.1
- cpe:2.3:a:citrix:netscaler_gateway:13.1-49.13
- cpe:2.3:a:citrix:netscaler_gateway:14.1