cbcvebase.
CVE-2023-4967
published 2023-10-27

CVE-2023-4967: Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server

Priority: P1 80 · Severity: high 7.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Tags: ITW · VulnCheck KEV · Ransomware
Exploited in the wild
EPSS: 0.88% (54.5th percentile)

Affected

22 ranges
Vendor               | Product                                   | Version range          | Fixed in
citrix               | citrix_adc                                |                        |
citrix               | citrix_gateway                            |                        |
citrix               | netscaler_adc                             |                        |
citrix               | netscaler_application_delivery_controller | 12.1 – 12.1-55.300     |
citrix               | netscaler_application_delivery_controller | >= 13.0 < 13.0-92.19   | 13.0-92.19
citrix               | netscaler_application_delivery_controller | >= 13.1 < 13.1-49.15   | 13.1-49.15
citrix               | netscaler_application_delivery_controller | 13.1 – 13.1-37.164     |
citrix               | netscaler_application_delivery_controller | >= 14.1 < 14.1-8.50    | 14.1-8.50
citrix               | netscaler_gateway                         |                        |
citrix               | netscaler_gateway                         | >= 13.0 < 13.0-92.19   | 13.0-92.19
citrix               | netscaler_gateway                         | >= 13.1 < 13.1-49.15   | 13.1-49.15
citrix               | netscaler_gateway                         | >= 14.1 < 14.1-8.50    | 14.1-8.50
citrix               | xenserver                                 |                        |
cloud_software_group | netscaler_adc                             | >= 12.1-FIPS < 55.300  | 55.300
cloud_software_group | netscaler_adc                             | >= 12.1-NDcPP < 55.300 | 55.300
cloud_software_group | netscaler_adc                             | >= 13.0 < 92.19        | 92.19
cloud_software_group | netscaler_adc                             | >= 13.1 < 49.15        | 49.15
cloud_software_group | netscaler_adc                             | >= 13.1-FIPS < 37.164  | 37.164
cloud_software_group | netscaler_adc                             | >= 14.1 < 8.50         | 8.50
cloud_software_group | netscaler_gateway                         | >= 13.0 < 92.19        | 92.19
cloud_software_group | netscaler_gateway                         | >= 13.1 < 49.15        | 49.15
cloud_software_group | netscaler_gateway                         | >= 14.1 < 8.50         | 8.50

Detection & IOCs (extracted from sources)

commands.exe -h REDACTED_INTERNAL_IP/24 -finger -vulnscan -webtimeout 6 -t 100 -debug
other: Threat Prevention signature 94483
  • Monitor for active or persistent session tokens on NetScaler ADC/Gateway that survive patching; stolen tokens can bypass MFA and must be explicitly killed using Citrix CLI commands.
  • CVE-2023-4967 (DoS) only affects NetScaler ADC/Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server — devices not in these roles are not vulnerable.
  • NetScaler ADC/Gateway version 12.1 has reached end-of-life and will no longer receive patches; organizations on this version must upgrade to a supported release.
  • Patching alone is insufficient; active and persistent sessions must be explicitly terminated via CLI commands after patching, as stolen session tokens remain valid post-patch and can be used to bypass MFA.

CVSS provenance

nvd       | v3.1 | 7.5 HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vulncheck |      | 8.2 HIGH |