CVE-2023-4966βCitrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
PUBLISHEDvulnerability record
2023-10-18 Β· last modified June 21, 2025
Metadata
Vulnerability Name
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Description
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Known To Be Used in Ransomware Campaigns?
Action
Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.