CVE-2023-4966β€”Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

PUBLISHEDvulnerability record
2023-10-18 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2023-4966
Project:
Citrix
Product:
NetScaler ADC and NetScaler Gateway
Date Added:
2023-10-18
Due Date:
2023-11-08
Last Updated:
June 21, 2025

Vulnerability Name

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

Description

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
KNOWN

Action

Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.

Additional Notes

Related News Articles

Related Weaknesses