{"id":174259565,"date":"2023-10-23T15:56:15","date_gmt":"2023-10-23T15:56:15","guid":{"rendered":"https:\/\/www.netscaler.com\/blog\/?p=174259565"},"modified":"2023-11-20T05:43:09","modified_gmt":"2023-11-20T05:43:09","slug":"cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway","status":"publish","type":"post","link":"https:\/\/www.netscaler.com\/blog\/news\/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway\/","title":{"rendered":"CVE-2023-4966: Critical security update now available for NetScaler ADC and NetScaler Gateway"},"content":{"rendered":"\n

On October 10, 2023, Cloud Software Group released builds to fix CVE-2023-4966, which affects NetScaler ADC and NetScaler Gateway. If exploited, CVE-2023-4966 can result in unauthorized data disclosure. This vulnerability was discovered by our internal team, and at the time of disclosure, we were not aware of any exploits in the wild. <\/p>\n\n\n\n

We now have reports of incidents consistent with session hijacking, and have received credible reports of targeted attacks exploiting this vulnerability.<\/p>\n\n\n\n

You can find details in the security bulletin<\/a>. <\/p>\n\n\n\n

If you are using affected builds and have configured NetScaler ADC as a gateway (VPN virtual server, ICA proxy, CVPN, RDP proxy) or as an AAA\u202fvirtual\u202fserver, we strongly recommend that you immediately<\/em> install the recommended builds<\/a> because this vulnerability has been identified as critical. No workarounds are available for this vulnerability.<\/p>\n\n\n\n

In both this communication and the related security bulletin<\/a>, we are sharing limited technical details to protect our customers from exploits leveraging this vulnerability within NetScaler to conduct session hijacking of other systems.<\/p>\n\n\n\n

The Cybersecurity and Infrastructure Security Agency (CISA) has added an entry for CVE-2023-4966<\/a> to its Known Exploited and Vulnerabilities Catalog, which contains detection and mitigation guidance for observed exploitations of CVE-2023-4966 by threat actors against NetScaler ADC and NetScaler Gateway. Additionally, Mandiant has provided guidance<\/a>. If you are a Citrix-managed cloud service or Citrix-managed Adaptive Authentication customer, no action is required. This guidance applies to customer-managed NetScaler ADC or NetScaler Gateway only.<\/p>\n\n\n\n

Recommended next steps<\/h2>\n\n\n\n

If you are using any of the affected builds listed in the security bulletin<\/a>, you should update  immediately by installing the recommended builds. In addition, we also recommend killing all active and persistent sessions using the following commands:<\/p>\n\n\n\n

kill icaconnection -all\n\nkill rdp connection -all\n\nkill pcoipConnection -all\n\nkill aaa session -all\n\nclear lb persistentSessions<\/code><\/pre>\n\n\n\n
Note: <\/strong>Please ensure that the formatting remains intact as you copy and paste these commands.<\/em><\/p>\n\n\n\n
If you are using NetScaler ADC or NetScaler Gateway instances on SDX hardware, you will need to upgrade VPX instances (the underlying SDX hardware, itself, is not affected). <\/p>\n\n\n\n
NetScaler ADC and NetScaler Gateway appliances that are not <\/em><\/strong>configured as a gateway (VPN virtual server, ICA proxy, CVPN, or RDP proxy) or as an <\/em>AAA virtual\u202fserver (traditional load balancing configurations, for example) and related products such as NetScaler Application Delivery Management (ADM) and Citrix SD-WAN are not<\/em><\/strong> affected.<\/p>\n\n\n\n
Update installation<\/h3>\n\n\n\n
Permanent fixes are available to download for NetScaler ADC and NetScaler Gateway:<\/p>\n\n\n\n