support.citrix.com
34.107.194.63  Public Scan

URL: https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve2...
Submission: On October 11 via api from IN — Scanned from DE

Form analysis 1 forms found in the DOM

POST

<form id="fileUploadForm" enctype="multipart/form-data" method="post" target="fileUploadIframe"><input type="file" id="fileSelector" name="file" style="display: none;"><input name="filename" type="hidden"></form>

Text Content


CTX579459


NETSCALER ADC AND NETSCALER GATEWAY SECURITY BULLETIN FOR CVE-2023-4966 AND
CVE-2023-4967

Security Bulletin | Severity: Critical | 3 found this helpful | Created: 10 Oct
2023 | Modified: 10 Oct 2023 | Status: Final



APPLICABLE PRODUCTS

 * Citrix ADC
 * Citrix Gateway


DESCRIPTION OF PROBLEM

Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix
ADC) and NetScaler Gateway (formerly Citrix Gateway).

Affected Versions: 

The following supported versions of NetScaler ADC and NetScaler Gateway are
affected by the vulnerabilities: 

 * NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
 * NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
 * NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
 * NetScaler ADC 13.1-FIPS before 13.1-37.164
 * NetScaler ADC 12.1-FIPS before 12.1-55.300
 * NetScaler ADC 12.1-NDcPP before 12.1-55.300

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End-of-Life (EOL)
and is vulnerable.

This bulletin only applies to customer-managed NetScaler ADC and NetScaler
Gateway products. Customers using Citrix-managed cloud services or
Citrix-managed Adaptive Authentication do not need to take any action.


Summary: 

NetScaler ADC and NetScaler Gateway contain the unauthenticated buffer-related
vulnerabilities listed below:

CVE-2023-4966

 * Description: Sensitive information disclosure
 * Pre-requisites: Appliance must be configured as a Gateway (VPN virtual
   server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
 * CWE: CWE-119
 * CVSS: 9.4

CVE-2023-4967

 * Description: Denial of service
 * Pre-requisites: Appliance must be configured as a Gateway (VPN virtual
   server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
 * CWE: CWE-119
 * CVSS: 8.2

--------------------------------------------------------------------------------


MITIGATING FACTORS

None.

--------------------------------------------------------------------------------


WHAT CUSTOMERS SHOULD DO

Cloud Software Group strongly urges affected customers of NetScaler ADC and
NetScaler Gateway to install the relevant updated versions of NetScaler ADC and
NetScaler Gateway as soon as possible: 

 * NetScaler ADC and NetScaler Gateway 14.1-8.50 and later releases
 * NetScaler ADC and NetScaler Gateway 13.1-49.15 and later releases of 13.1
 * NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0
 * NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS
 * NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS
 * NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End-of-Life (EOL).
Customers are recommended to upgrade their appliances to one of the supported
versions that address the vulnerabilities.

--------------------------------------------------------------------------------


WHAT CITRIX IS DOING

Citrix is notifying customers and channel partners about this potential security
issue through the publication of this security bulletin on the Citrix Knowledge
Center at https://support.citrix.com/securitybulletins.

--------------------------------------------------------------------------------


OBTAINING SUPPORT ON THIS ISSUE

If you require technical assistance with this issue, please contact Citrix
Technical Support. Contact details for Citrix Technical Support are available at
https://www.citrix.com/support/open-a-support-case.

--------------------------------------------------------------------------------


SUBSCRIBE TO RECEIVE ALERTS

Citrix strongly recommends that all customers subscribe to receive alerts when a
Citrix security bulletin is created or modified at
https://support.citrix.com/user/alerts.

--------------------------------------------------------------------------------


REPORTING SECURITY VULNERABILITIES TO CITRIX

Citrix welcomes input regarding the security of its products and considers any
and all potential vulnerabilities seriously. For details on our vulnerability
response process and guidance on how to report security-related issues to
Citrix, please see the following webpage:
https://www.citrix.com/about/trust-center/vulnerability-process.html.

--------------------------------------------------------------------------------


DISCLAIMER

This document is provided on an "as is" basis and does not imply any kind of
guarantee or warranty, including the warranties of merchantability or fitness
for a particular use. Your use of the information on the document is at your own
risk. Citrix reserves the right to change or update this document at any time.
Customers are therefore recommended to always view the latest version of this
document directly from the Citrix Knowledge Center.

--------------------------------------------------------------------------------


CHANGELOG

2023-10-10 T 16:00:00Z Initial Publication

--------------------------------------------------------------------------------

