CVE-2023-4966

Confirmed PUBLISHED

Unauthenticated sensitive information disclosure

Citrix · NetScaler ADC, NetScaler Gateway
Exploited in the wild Active exploitation observed Used in malware PoC available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
2
Unique Attacker IPs
2
CISA KEV
In CISA KEV
CVSS / EPSS
9.4 Critical EPSS 100.0%

At a Glance

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

malware nuclei_scanner cisa ransomware
CVE Published
Oct 10, 2023
Exploitation Reported
Oct 18, 2023
CVSS
9.4 Critical
EPSS
100.0%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Citrix
NetScaler ADC

14.1 to < 8.50

Affected
Citrix
NetScaler ADC

13.1 to < 49.15

Affected
Citrix
NetScaler ADC

13.0 to < 92.19

Affected
Citrix
NetScaler ADC

13.1-FIPS to < 37.164

Affected
Citrix
NetScaler ADC

12.1-FIPS to < 55.300

Affected
Citrix
NetScaler ADC

12.1-NDcPP to < 55.300

Affected
Citrix
NetScaler Gateway

14.1 to < 8.50

Affected
Citrix
NetScaler Gateway

13.1 to < 49.15

Affected
Citrix
NetScaler Gateway

13.0 to < 92.19

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.