Citrix has urged clients of NetScaler ADC and NetScaler Gateway to put in up to date variations of the networking merchandise to forestall lively exploitation of vulnerabilities that would result in info disclosure and DoS assaults.
NetScaler ADC (Software Supply Controller) and NetScaler Gateway had been designed to reinforce the efficiency, safety, and availability of purposes and companies inside networks. Citrix first introduced the product vulnerabilities — designated CVE-2023-4966 and CVE-2023-4967 — on October 10, describing them as “unauthenticated buffer-related” bugs.
CVE-2023-4966, a high-severity, essential info disclosure vulnerability, has been assigned a 9.4 CVSS rating. AssetNote, a cybersecurity firm specialised in figuring out and managing safety dangers in internet purposes and on-line belongings, revealed a proof of idea (POC) exploit for the vulnerability, referred to as Citrix Bleed, on GitHub. The corporate can be providing checks for purchasers to examine on their publicity to the vulnerability.
In an advisory, Citrix stated that “exploits of CVE-2023-4966 on unmitigated home equipment have been noticed. Cloud Software program Group strongly urges clients of NetScaler ADC and NetScaler Gateway to put in the related up to date variations of NetScaler ADC and NetScaler Gateway as quickly as doable.”
Lively exploits for CVE-2023-4967, which might permit attackers to launch DoS assaults, haven’t been as broadly noticed. It has been assigned a 8.2 CVSS rating.
In the latest replace on the vulnerabilities, Citrix has beneficial putting in up to date variations of the affected units. A number of variations of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities, and are listed by Citrix in its newest safety bulletin.
