NOTIFIED: Critical NetScaler ADC and Gateway Vulnerabilities (CVE-2023-4966 & CVE-2023-4967)
On October 10, 2023, the cybersecurity community was alerted to two critical vulnerabilities in NetScaler ADC and NetScaler Gateway: CVE-2023-4966 and CVE-2023-4967.
These vulnerabilities predominantly affect versions of NetScaler ADC and NetScaler Gateway that are widely used in numerous organizations. The implications are grave, as they can lead to sensitive information disclosure and potential denial of service attacks.
LAST UPDATE: 10/23/23
While there are many technical analyses looking into these vulnerabilities, the important points you must be aware of include:
- The vulnerabilities are present in several versions of NetScaler ADC and NetScaler Gateway.
- CVE-2023-4966 allows for sensitive information disclosure, with a CVSS score of 9.4.
- CVE-2023-4967 can lead to denial of service, with a CVSS score of 8.2.
- Immediate action is required, as exploitation of CVE-2023-4966 on unmitigated appliances has already been observed.
How to Safeguard Against NetScaler Vulnerabilities
To protect against these vulnerabilities, install the updated versions of NetScaler ADC and NetScaler Gateway promptly. Beyond that, upgrade any appliances to one of the supported versions that fix the vulnerabilities.
The CDI Security Team is actively working with partners to ensure that these vulnerabilities are taken care of – and to provide the best security solutions to our clients. We will continue to update this blog as more information becomes available.
If you need assistance or have concerns regarding these vulnerabilities, our expert team is ready to help. Please contact us for support.
For a deeper dive into the technical specifics, please refer to: