CVE-2023-4967 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Software Group Netscaler ADC

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents9 sources

Severity

7.5HIGHNVD

VulnCheck8.2

EPSS

0.4%

top 36.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloud Software Group Netscaler ADC Cloud Software Group Netscaler Gateway Citrix Netscaler Application Delivery Controller +5 more

Timeline

PublishedOct 27

Latest updateDec 6

Description

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶NVDcitrix/netscaler_gateway13.0 — 13.0-92.19+2

▶CVEListV5cloud_software_group/netscaler_gateway14.1 — 8.50+2

▶citrixcitrix/netscaler_gateway

▶CVEListV5cloud_software_group/netscaler_adc14.1 — 8.50+5

▶NVDcitrix/netscaler_application_delivery_controller13.0 — 13.0-92.19+4

🔴Vulnerability Details

GHSA

GHSA-wj66-97v8-j738: Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual↗2023-10-27

▶

VulnCheck

Citrix NetScaler ADC and NetScaler Gateway Improper Restriction of Operations within the Bounds of a Memory Buffer↗2023

▶

📋Vendor Advisories

Citrix

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967↗2023-10-17

▶

🕵️Threat Intelligence

Tenable

CVE-2023-4966 (CitrixBleed): Invalidate Active or Persistent Sessions To Prevent Further Compromise↗2023-12-06

▶

Tenable

Frequently Asked Questions for CitrixBleed (CVE-2023-4966)↗2023-11-20

▶

Wiz

Crying Out Cloud - November Newsletter | Wiz↗2023-11-01

▶

Unit42

Threat Brief: Citrix Bleed CVE-2023-4966↗2023-11-01

▶

Unit42

Threat Brief: Citrix Bleed CVE-2023-4966↗2023-11-01

▶