Known Exploited Vulnerability
9.4
CRITICAL CVSS 3.1
CVE-2023-4966
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability - [Actively Exploited]
Description

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

INFO

Published Date :

Oct. 10, 2023, 2:15 p.m.

Last Modified :

June 17, 2026, 6:38 a.m.

Remotely Exploit :

Yes !
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Required Action :

Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.

Known Ransomware Campaign Use:

Known Detected Oct 18, 2023

Notes :

https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/, https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 ; https://nvd.nist.gov/vuln/detail/CVE-2023-4966

Affected Products

The following products are affected by CVE-2023-4966 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Citrix netscaler_application_delivery_controller
2 Citrix netscaler_gateway
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 134c704f-9b21-4f2e-91b3-4a467353bcc0
CVSS 3.1 CRITICAL [email protected]
CVSS 3.1 HIGH [email protected]
Solution
To address a vulnerability in Citrix NetScaler ADC and NetScaler Gateway, upgrade to the latest version and consult vendor documentation for security updates.
  • Upgrade to version 13.0-92.19, 13.1-49.15, 14.1-8.50 or later.
  • Refer to vendor documentation for security updates.
Public PoC/Exploit Available at Github

CVE-2023-4966 has a 94 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-4966.

URL Resource
http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html Third Party Advisory VDB Entry
https://support.citrix.com/article/CTX579459 Vendor Advisory
http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html Third Party Advisory VDB Entry
https://support.citrix.com/article/CTX579459 Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966 US Government Resource
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-4966 is associated with the following CWEs:

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Analysis of 8 critical network security vulnerabilities (Cisco, OpenSSH, Fortinet, Ivanti, Palo Alto, HTTP/2, Citrix) — IE3032 Network Security group assignment.

Updated: 4 days, 20 hours ago
0 stars 0 fork 0 watcher
Born at : July 14, 2026, 5:26 p.m. This repo has been linked 8 different CVEs too.

Is that CVE real, or just scanner noise? Community field verdicts from truepositive.app, in your terminal.

appsec cli cve devsecops epss false-positives kev security security-tools triage vulnerability-management

JavaScript

Updated: 4 days, 22 hours ago
0 stars 0 fork 0 watcher
Born at : July 14, 2026, 3:23 p.m. This repo has been linked 5 different CVEs too.

面向 CitrixBleed 类漏洞爆发期的医院业务连续性救生艇,把 FSM 八态借权状态机、临床业务窗口调度、老系统 TOTP 降级、SM3 国密哈希链飞检可签字审计四件套装进一台 30 秒闭环的小工作台;平行补充 CyberArk / Vault / AWS PIM 等商业基线未覆盖的值班医生借权场景,输出可直接签字归档的飞检 PDF 与 JSON-LD。

Dockerfile Shell TypeScript JavaScript HTML CSS Python

Updated: 1 week, 3 days ago
0 stars 0 fork 0 watcher
Born at : July 8, 2026, 11:08 p.m. This repo has been linked 1 different CVEs too.

None

HTML

Updated: 2 weeks ago
2 stars 0 fork 0 watcher
Born at : July 3, 2026, 7:13 a.m. This repo has been linked 21 different CVEs too.

None

Updated: 2 weeks, 3 days ago
0 stars 0 fork 0 watcher
Born at : July 2, 2026, 1:08 p.m. This repo has been linked 2 different CVEs too.

OpenSource WAF

Dockerfile Go Shell

Updated: 2 weeks, 3 days ago
0 stars 0 fork 0 watcher
Born at : July 2, 2026, 4:09 a.m. This repo has been linked 32 different CVEs too.

None

HTML PowerShell JavaScript CSS

Updated: 2 weeks, 5 days ago
0 stars 0 fork 0 watcher
Born at : June 30, 2026, 11:13 a.m. This repo has been linked 3 different CVEs too.

None

Python HTML CSS JavaScript

Updated: 3 weeks, 3 days ago
0 stars 0 fork 0 watcher
Born at : June 24, 2026, 2:58 a.m. This repo has been linked 3 different CVEs too.

Plataforma de aprendizado de ciberseguranca - alternativa ao TryHackMe em portugues BR

TypeScript JavaScript HTML CSS Shell

Updated: 4 weeks, 1 day ago
0 stars 0 fork 0 watcher
Born at : June 19, 2026, 3:55 a.m. This repo has been linked 6 different CVEs too.

Why raw CVE counts mislead: a cited, methodology-driven risk ranking of perimeter & edge security vendors (CISA KEV, time-to-exploit, disclosure transparency).

Python HTML

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : June 18, 2026, 2:16 p.m. This repo has been linked 24 different CVEs too.

None

Python

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : June 16, 2026, 2:37 a.m. This repo has been linked 10 different CVEs too.

Vulnerability remediation playbooks: detect, fix, validate, rollback — one folder per finding

PowerShell Shell

Updated: 1 month, 1 week ago
0 stars 0 fork 0 watcher
Born at : June 11, 2026, 6:11 p.m. This repo has been linked 9 different CVEs too.

None

Python

Updated: 1 month, 1 week ago
0 stars 0 fork 0 watcher
Born at : June 11, 2026, 11:49 a.m. This repo has been linked 6 different CVEs too.

None

Python

Updated: 1 month, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : June 1, 2026, 11:40 a.m. This repo has been linked 1 different CVEs too.

None

Python Dockerfile Go Template Go

Updated: 2 weeks, 5 days ago
0 stars 0 fork 0 watcher
Born at : May 29, 2026, 3:39 a.m. This repo has been linked 9 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-4966 vulnerability anywhere in the article.

  • Huntress
CitrixBleed 2 (CVE-2025-5777) 7Steps to Dragonforce Ransomware | Huntress

A special thanks to the Huntress Security Operations Center (SOC) personnel, for without them we'd be describing the below incidents with far more painful details– and Lindsey Welch, who tirelessly pr ... Read more

Published Date: Jul 09, 2026 (1 week, 3 days ago)
  • CybersecurityNews
The Gentlemen Ransomware Group Uses Fortinet Exploits, AI, and Custom C2 Frameworks

A Russian-speaking ransomware crew known as The Gentlemen has quickly risen to become one of the most active threats in 2026, ranking second only to Qilin in ransomware activity. Their toolkit combine ... Read more

Published Date: Jun 03, 2026 (1 month, 2 weeks ago)
  • The Hacker News
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerabili ... Read more

Published Date: Mar 28, 2026 (3 months, 3 weeks ago)
  • Help Net Security
Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055)

Citrix has fixed two vulnerabilities in NetScaler ADC and NetScaler Gateway, with the more serious flaw (CVE-2026-3055) potentially allowing attackers to extract active session tokens from the memory ... Read more

Published Date: Mar 24, 2026 (3 months, 3 weeks ago)
  • TheCyberThrone
CVE-2026-3055 – Citrix NetScaler Critical SAML IDP Memory Leak

March 24, 2026OverviewOn March 23, 2026, Citrix published a security advisory for a critical vulnerability affecting NetScaler ADC and NetScaler Gateway. CVE-2026-3055 is classified as an out-of-bound ... Read more

Published Date: Mar 24, 2026 (3 months, 3 weeks ago)
  • The Hacker News
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the applicatio ... Read more

Published Date: Mar 24, 2026 (3 months, 3 weeks ago)
  • The Hacker News
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More

ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but ... Read more

Published Date: Mar 19, 2026 (3 months, 4 weeks ago)
  • Google Cloud
Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape

Written by: Bavi Sadayappan, Zach Riddle, Ioana Teaca, Kimberly Goody, Genevieve Stark Introduction Since 2018, when many financially motivated threat actors began shifting their monetization strategy ... Read more

Published Date: Mar 16, 2026 (4 months ago)
  • The Cyber Express
INC Ransom’s Franchise Model Is Putting Critical Infrastructure on the Chopping Block

When Australia’s cyber watchdog issued a fresh advisory on INC Ransom, security teams worldwide are bound to take note — not because INC is new, but because the group’s business model has quietly made ... Read more

Published Date: Mar 06, 2026 (4 months, 1 week ago)
  • CybersecurityNews
Top 20 Most Exploited Vulnerabilities of 2025: A Comprehensive Analysis

The cybersecurity landscape of 2025 has been marked by an unprecedented surge in vulnerability exploitation, with threat actors leveraging critical flaws across enterprise software, cloud infrastructu ... Read more

Published Date: Dec 12, 2025 (7 months, 1 week ago)
  • The Cyber Express
Stolen VPN Credentials Most Common Ransomware Attack Vector

Compromised VPN credentials are the most common initial access vector for ransomware attacks, according to a new report. Nearly half of ransomware attacks in the third quarter abused compromised VPN c ... Read more

Published Date: Nov 20, 2025 (7 months, 4 weeks ago)
  • cybereason.com
Cybereason TTP Briefing Q3 2025: LOLBINs and CVE Exploits Dominate

Explore the latest trends, techniques, and procedures (TTPs) our incident response (IR) experts are actively facing with the TTP Briefing Q3 2025, a report built on frontline threat intelligence from ... Read more

Published Date: Oct 23, 2025 (8 months, 3 weeks ago)
  • The Register
Thousands of Citrix NetScaler boxes still sitting ducks despite patches

Thousands of Citrix NetScaler appliances remain exposed to a trio of security flaws that the vendor patched this week, one of which is already being actively exploited in the wild. Fresh data from the ... Read more

Published Date: Aug 28, 2025 (10 months, 3 weeks ago)
  • The Register
Major outage at Pennsylvania Attorney General's Office blamed on 'cyber incident'

The Pennsylvania's Office of Attorney General (OAG) is blaming a digital blackout of its services on a "cyber incident." The OAG posted a statement to Facebook yesterday, saying that its systems are c ... Read more

Published Date: Aug 12, 2025 (11 months ago)
  • Daily CyberSecurity
ShadowSyndicate’s Global Ransomware Empire Blurs Lines Between Cybercrime and Geopolitical Espionage

Attack infrastructure of ShadowSyndicate overlaps with Toneshell, Rustdoor and Koi stealer | Image: Intrinsec In a recent investigation, cybersecurity firm Intrinsec has illuminated the sprawling infr ... Read more

Published Date: Aug 04, 2025 (11 months, 2 weeks ago)
  • The Hacker News
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) cata ... Read more

Published Date: Jul 11, 2025 (1 year ago)
  • The Register
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit

The US Cybersecurity and Infrastructure Security Agency has added its weighty name to the list of parties agreeing that CVE-2025-5777, dubbed CitrixBleed 2 by one researcher, has been under exploitati ... Read more

Published Date: Jul 10, 2025 (1 year ago)
  • Cyber Security News
PoC Exploits for CitrixBleed2 Flaw Released – Attackers Can Exfiltrate 127 Bytes Per Request

Security researchers have released proof-of-concept exploits for a critical vulnerability dubbed “CitrixBleed2” affecting Citrix NetScaler ADC and Gateway products. The vulnerability, tracked as CVE-2 ... Read more

Published Date: Jul 08, 2025 (1 year ago)
  • BleepingComputer
Public exploits released for CitrixBleed 2 NetScaler flaw, patch now

Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable a ... Read more

Published Date: Jul 07, 2025 (1 year ago)
  • Cyber Security News
“CitrixBleed 2” Vulnerability PoC Released – Warns of Potential Widespread Exploitation

Critical flaw in Citrix NetScaler devices echoes infamous 2023 security breach that crippled major organizations worldwide. The new critical vulnerability in Citrix NetScaler devices has security expe ... Read more

Published Date: Jul 05, 2025 (1 year ago)

The following table lists the changes that have been made to the CVE-2023-4966 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 17, 2026

    Action Type Old Value New Value
    Added SSVC {'id': 'CVE-2023-4966', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'active'}, {'automatable': 'yes'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2023-11-22T05:00:08.466868Z'}
  • CVE Modified by [email protected]

    Jun. 17, 2026

    Action Type Old Value New Value
    Added Affected [{'vendor': 'Citrix', 'product': 'NetScaler ADC', 'versions': [{'status': 'affected', 'version': '14.1', 'lessThan': '8.50', 'versionType': 'patch'}, {'status': 'affected', 'version': '13.1', 'lessThan': '49.15', 'versionType': 'patch'}, {'status': 'affected', 'version': '13.0', 'lessThan': '92.19', 'versionType': 'patch'}, {'status': 'affected', 'version': '13.1-FIPS', 'lessThan': '37.164', 'versionType': 'patch'}, {'status': 'affected', 'version': '12.1-FIPS', 'lessThan': '55.300', 'versionType': 'patch'}, {'status': 'affected', 'version': '12.1-NDcPP', 'lessThan': '55.300', 'versionType': 'patch'}], 'defaultStatus': 'unaffected'}, {'vendor': 'Citrix', 'product': 'NetScaler Gateway', 'versions': [{'status': 'affected', 'version': '14.1', 'lessThan': '8.50', 'versionType': 'patch'}, {'status': 'affected', 'version': '13.1', 'lessThan': '49.15', 'versionType': 'patch'}, {'status': 'affected', 'version': '13.0', 'lessThan': '92.19', 'versionType': 'patch'}], 'defaultStatus': 'unaffected'}]
  • Modified Analysis by [email protected]

    Oct. 24, 2025

    Action Type Old Value New Value
    Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966 Types: US Government Resource
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Removed Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966
  • Modified Analysis by [email protected]

    Mar. 13, 2025

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Feb. 13, 2025

    Action Type Old Value New Value
    Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.  Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.
  • CVE Modified by [email protected]

    Feb. 03, 2025

    Action Type Old Value New Value
    Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.  Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server. 
  • Modified Analysis by [email protected]

    Jan. 27, 2025

    Action Type Old Value New Value
    Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.  Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. 
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html
    Added Reference https://support.citrix.com/article/CTX579459
  • CVE Modified by [email protected]

    Nov. 21, 2024

    Action Type Old Value New Value
    Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.  Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server. 
  • Modified Analysis by [email protected]

    Aug. 14, 2024

    Action Type Old Value New Value
    Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.  Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. 
  • CVE Modified by [email protected]

    Aug. 02, 2024

    Action Type Old Value New Value
    Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.  Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server. 
  • Modified Analysis by [email protected]

    Jun. 17, 2024

    Action Type Old Value New Value
    Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.  Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. 
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Feb. 29, 2024

    Action Type Old Value New Value
    Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.  Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server. 
  • Modified Analysis by [email protected]

    Jan. 09, 2024

    Action Type Old Value New Value
    Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.  Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. 
    Changed Reference Type http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html No Types Assigned http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html Third Party Advisory, VDB Entry
  • CVE Modified by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.  Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server. 
  • CVE Modified by [email protected]

    Oct. 25, 2023

    Action Type Old Value New Value
    Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.  Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. 
    Added Reference http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html [No Types Assigned]
  • Initial Analysis by [email protected]

    Oct. 18, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    Changed Reference Type https://support.citrix.com/article/CTX579459 No Types Assigned https://support.citrix.com/article/CTX579459 Vendor Advisory
    Added CWE NIST NVD-CWE-noinfo
    Added CPE Configuration OR *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* versions from (including) 12.1 up to (excluding) 12.1-55.300 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:* versions from (including) 12.1 up to (excluding) 12.1-55.300 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* versions from (including) 13.0 up to (excluding) 13.0-92.19 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* versions from (including) 13.1 up to (excluding) 13.1-37.164 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* versions from (including) 13.1 up to (excluding) 13.1-49.15 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* versions from (including) 14.1 up to (excluding) 14.1-8.50 *cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0 up to (excluding) 13.0-92.19 *cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* versions from (including) 13.1 up to (excluding) 13.1-49.15 *cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* versions from (including) 14.1 up to (excluding) 14.1-8.50
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.