Skip to main content

Citrix Products Multiple Vulnerabilities

Release Date: 12 Oct 2023 4651 Views

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

Multiple vulnerabilities were identified in Citrix Products. A remote attacker could exploit some of these vulnerabilities to trigger information disclosure and denial of service on the targeted system.

 

Note:
CVE-2023-4966 is being exploited in the wild, but the affected appliance is needed to configure as a VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server. Hence, the risk level is rated as medium.


Impact

  • Information Disclosure
  • Denial of Service

System / Technologies affected

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
  • NetScaler ADC 13.1-FIPS before 13.1-37.164
  • NetScaler ADC 12.1-FIPS before 12.1-55.300
  • NetScaler ADC 12.1-NDcPP before 12.1-55.300

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

 

  • The vendor has issued a fix:
    NetScaler ADC and NetScaler Gateway 14.1-8.50  and later releases
    NetScaler ADC and NetScaler Gateway  13.1-49.15  and later releases of 13.1
    NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0  
    NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS  
    NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS  
    NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP 

For details: https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967

 


Vulnerability Identifier


Source


Related Link