CVE-2023-4966 - OpenCVE

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Citrix	Netscaler Gateway Netscaler Application Delivery Controller

Configuration 1 [-]

OR	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::ndcpp:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_gateway::::::::
	cpe:2.3:a:citrix:netscaler_gateway::::::::
	cpe:2.3:a:citrix:netscaler_gateway::::::::

References

Link	Resource
http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html	Third Party Advisory VDB Entry
https://support.citrix.com/article/CTX579459	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Citrix

Published: 2023-10-10T13:12:17.644Z

Updated: 2023-10-10T13:12:29.552Z

Reserved: 2023-09-14T15:51:21.569Z

Link: CVE-2023-4966

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-10T14:15:10.977

Modified: 2024-06-17T13:32:11.253

Link: CVE-2023-4966

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4966", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2023-09-14T15:51:21.569Z", "datePublished": "2023-10-10T13:12:17.644Z", "dateUpdated": "2023-10-10T13:12:29.552Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NetScaler ADC\u202f", "vendor": "Citrix", "versions": [{"lessThan": "8.50", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "49.15", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "92.19", "status": "affected", "version": "13.0", "versionType": "patch"}, {"lessThan": "37.164", "status": "affected", "version": "13.1-FIPS", "versionType": "patch"}, {"lessThan": "55.300", "status": "affected", "version": "12.1-FIPS", "versionType": "patch"}, {"lessThan": "55.300", "status": "affected", "version": "12.1-NDcPP", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "NetScaler Gateway", "vendor": "Citrix", "versions": [{"lessThan": "8.50", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "49.15", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "92.19", "status": "affected", "version": "13.0", "versionType": "patch"}]}], "datePublic": "2023-10-10T12:33:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b><p><b><span style=\"background-color: transparent;\">Sensitive information disclosure </span></b><span style=\"background-color: var(--wht);\">in NetScaler ADC and NetScaler Gateway when configured as a </span><span style=\"background-color: transparent;\">Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) </span><span style=\"background-color: transparent;\">or </span><span style=\"background-color: transparent;\">AAA \u202fvirtual\u202fserver. </span><span style=\"background-color: transparent;\"><br></span><span style=\"background-color: var(--wht);\"><br></span></p></b>"}], "value": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA \u202fvirtual\u202fserver.\u00a0\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2023-10-10T13:12:29.552Z"}, "references": [{"url": "https://support.citrix.com/article/CTX579459"}, {"url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Unauthenticated sensitive information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"cisaActionDue": "2023-11-08", "cisaExploitAdd": "2023-10-18", "cisaRequiredAction": "Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "492BEB4B-7A4B-47C2-93D1-2B0683AA3A20", "versionEndExcluding": "12.1-55.300", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", "matchCriteriaId": "81EF12C2-4197-4C0D-BE11-556F05DAD646", "versionEndExcluding": "12.1-55.300", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "9EEC53B2-686A-4C6F-98DE-5D6AE804B0A8", "versionEndExcluding": "13.0-92.19", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "109301A8-9ADD-4A49-9C45-D21A4DA840E9", "versionEndExcluding": "13.1-37.164", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "5C1739C5-48C1-46BC-A524-B4CC4C5B6436", "versionEndExcluding": "13.1-49.15", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "9148C36D-98B4-4166-8B9A-449EA86BA4B1", "versionEndExcluding": "14.1-8.50", "versionStartIncluding": "14.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FB1412D-F8D8-4592-A8A9-C1B841B93D5E", "versionEndExcluding": "13.0-92.19", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "28A08B32-D145-499F-866E-BEEEDEBB2901", "versionEndExcluding": "13.1-49.15", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F1610E6-FE48-4339-8E74-765E0517E33D", "versionEndExcluding": "14.1-8.50", "versionStartIncluding": "14.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA ?virtual?server.\u00a0\n\n\n\n"}, {"lang": "es", "value": "Divulgaci\u00f3n de informaci\u00f3n confidencial en NetScaler ADC y NetScaler Gateway cuando se configura como Gateway (servidor virtual VPN, ICA Proxy, CVPN, RDP Proxy) o servidor \"virtual\" AAA."}], "id": "CVE-2023-4966", "lastModified": "2024-06-17T13:32:11.253", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.5, "source": "secure@citrix.com", "type": "Secondary"}]}, "published": "2023-10-10T14:15:10.977", "references": [{"source": "secure@citrix.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"}, {"source": "secure@citrix.com", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX579459"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "secure@citrix.com", "type": "Secondary"}]}