On October 18, 2023, Citrix warned that a critical vulnerability in its NetScaler ADC and NetScaler Gateway appliances, tracked as CVE-2023-4966 (CVSS score 9.4), was being exploited. The flaw is an unauthenticated sensitive information disclosure. The affected products are NetScaler ADC and NetScaler Gateway 14.1, 13.1, 13.0, and 12.1; note that the standard 12.1 branch is end of life and receives no fix, while the 12.1 FIPS and NDcPP builds do. The vulnerability is only reachable when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an authentication, authorization, and accounting (AAA) virtual server.

Citrix released patches on October 10, 2023, and has since observed exploitation against unmitigated appliances. Mandiant, the Google-owned threat intelligence firm, reported that the flaw had been exploited as a zero-day since late August 2023. The leaked memory can contain valid session tokens, so a successful attacker can replay a stolen token to hijack an authenticated session, bypassing multi-factor authentication (which the legitimate user had already completed), and gain unauthorized access to the resources behind the appliance.

Observed victims span professional services, technology, and government organizations. Administrators should upgrade to a fixed build and then terminate all active and persistent sessions: session tokens stolen before the upgrade remain valid until the sessions are killed, so patching alone does not evict an attacker who already holds one.
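The two checks an operator needs from the text above are whether the running build is at or past the fixed build for its release line and whether the appliance is actually exposed (a Gateway or AAA virtual server is configured). The following is an added example, not code from the original article or from Citrix: it parses the first line of `show ns version` and the `add vpn vserver` / `add authentication vserver` lines of `show ns runningConfig`. The fixed-build table is taken from Citrix's advisory for CVE-2023-4966; the `variant` hint is an assumption, because the version banner alone does not distinguish the standard image from the FIPS and NDcPP images, so the operator has to say which one is deployed. The sample banners and configuration below are constructed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Minimum fixed builds per release line for CVE-2023-4966 (Citrix advisory CTX579459).
# Plain 12.1 is end of life and has no fixed build; only 12.1-FIPS and 12.1-NDcPP do.
FIXED_BUILDS = {
    "14.1": (8, 50),
    "13.1": (49, 15),
    "13.0": (92, 19),
    "13.1-FIPS": (37, 164),
    "12.1-FIPS": (55, 300),
    "12.1-NDcPP": (55, 300),
}
EOL_RELEASES = {"12.1"}

# First line of `show ns version`, e.g.
#   NetScaler NS13.1: Build 49.13.nc, Date: Sep 21 2023, 12:15:22   (64-bit)
BANNER_RE = re.compile(
    r"NetScaler NS(?P<release>\d+\.\d+): Build (?P<major>\d+)\.(?P<minor>\d+)\."
)

# Virtual servers that make the bug reachable: Gateway (vpn) and AAA (authentication).
VSERVER_RE = re.compile(r"^add (?P<kind>vpn|authentication) vserver (?P<name>\S+)", re.M)


class Version(NamedTuple):
    release: str
    major: int
    minor: int


def parse_banner(banner: str) -> Version:
    """Extract release line and build number from a `show ns version` banner."""
    m = BANNER_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised version banner: {banner!r}")
    return Version(m["release"], int(m["major"]), int(m["minor"]))


def assess(banner: str, variant: Optional[str] = None) -> str:
    """Classify a banner as 'fixed', 'vulnerable', 'eol' or 'unknown'.

    `variant` is "FIPS" or "NDcPP" when that image is deployed (assumption:
    the operator supplies it, since the banner does not carry it).
    """
    v = parse_banner(banner)
    key = f"{v.release}-{variant}" if variant else v.release
    fixed = FIXED_BUILDS.get(key)
    if fixed is None:
        return "eol" if v.release in EOL_RELEASES else "unknown"
    return "fixed" if (v.major, v.minor) >= fixed else "vulnerable"


def exposed_vservers(running_config: str) -> List[Tuple[str, str]]:
    """Return (kind, name) for every Gateway or AAA virtual server in the config."""
    return [(m["kind"], m["name"]) for m in VSERVER_RE.finditer(running_config)]


def triage(banner: str, running_config: str, variant: Optional[str] = None) -> str:
    """Combine build status and exposure into one verdict for an appliance."""
    status = assess(banner, variant)
    exposed = exposed_vservers(running_config)
    if status == "fixed":
        return "patched (still kill existing sessions if you patched late)"
    if not exposed:
        return f"{status} build, but no Gateway/AAA vserver configured: not reachable"
    names = ", ".join(f"{kind} {name}" for kind, name in exposed)
    return f"{status} build and exposed via: {names}"


# Constructed sample input (not captured from a real appliance).
SAMPLE_BANNER = "NetScaler NS13.1: Build 49.13.nc, Date: Sep 21 2023, 12:15:22   (64-bit)"
SAMPLE_CONFIG = """\
add lb vserver web_lb HTTP 10.0.0.10 80
add vpn vserver corp_gateway SSL 203.0.113.5 443
add authentication vserver corp_aaa SSL 203.0.113.6 443
"""

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_CONFIG))
```

Once the build is fixed, the session-termination step from Citrix's guidance is run from the NetScaler CLI: `kill icaconnection -all`, `kill rdp connection -all`, `kill pcoipConnection -all`, `kill aaa session -all`, and `clear lb persistentSessions`. The `triage` verdict deliberately reminds you of this even on a patched box, since a token leaked before the upgrade is still usable until its session is gone.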

Fabio

Full Stack Developer

About the Author

I’m passionate about web development and design in all its forms, helping small businesses build and improve their online presence. I spend a lot of time learning new techniques and actively helping other people learn web development through a variety of help groups and writing tutorials for my blog about advancements in web design and development.