Citrix Products Multiple Vulnerabilities

Release Date: 12 Oct 2023 4504 Views

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Citrix Products. A remote attacker could exploit some of these vulnerabilities to trigger information disclosure and denial of service on the targeted system.

Note:
CVE-2023-4966 is being exploited in the wild, but the affected appliance is needed to configure as a VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server. Hence, the risk level is rated as medium.

Impact

Information Disclosure
Denial of Service

System / Technologies affected

NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
NetScaler ADC 13.1-FIPS before 13.1-37.164
NetScaler ADC 12.1-FIPS before 12.1-55.300
NetScaler ADC 12.1-NDcPP before 12.1-55.300

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

The vendor has issued a fix:
NetScaler ADC and NetScaler Gateway 14.1-8.50 and later releases
NetScaler ADC and NetScaler Gateway  13.1-49.15 and later releases of 13.1
NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0 
NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS 
NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS 
NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP

For details: https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967