Citrix has urged customers of NetScaler ADC and NetScaler Gateway to install updated versions of the networking products to prevent active exploitation of vulnerabilities that could lead to information disclosure and DoS attacks.
NetScaler ADC (Application Delivery Controller) and NetScaler Gateway are designed to improve the performance, security, and availability of applications and services within networks. Citrix first announced the product vulnerabilities, designated CVE-2023-4966 and CVE-2023-4967, on October 10, describing them as “unauthenticated buffer-related” bugs.
CVE-2023-4966, a high-severity, critical information disclosure vulnerability, has been assigned a 9.4 CVSS score. Assetnote, a cybersecurity firm specialising in identifying and managing security risks in web applications and online assets, published a proof of concept (PoC) exploit for the vulnerability, known as Citrix Bleed, on GitHub. The company is also offering tests for customers to check their exposure to the vulnerability.
In an advisory, Citrix said that “exploits of CVE-2023-4966 on unmitigated appliances have been observed. Cloud Software Group strongly urges customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions of NetScaler ADC and NetScaler Gateway as soon as possible.”
Active exploits for CVE-2023-4967, which could allow attackers to launch DoS attacks, have not been as widely observed. It has been assigned an 8.2 CVSS score.
In its latest update on the vulnerabilities, Citrix has recommended installing updated versions of the affected devices. Several versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities, and are listed by Citrix in its latest security bulletin.