Citrix NetScaler - Memory Leak CVE-2023-4966
- CVSSv3 Score
- Vulnerability description
Citrix NetScaler server is vulnerable to CVE-2023-4966, an Information Disclosure vulnerability that can be leveraged to achieve unauthorized authentication on the device, affecting the /oauth/idp/.well-known/openid-configuration endpoint. The root cause of this vulnerability is improper sanitization of user-provided input in the Host header. It allows an unauthenticated remote attacker to dump a session token and use it to authenticate to the web server.
- Risk description
The risk exists that an unauthenticated remote attacker could leverage the Information Disclosure vulnerability to authenticate on the device and pivot into the internal network, which could result in a fully compromised network and the theft of confidential information.
- Exploit capabilities
Sniper can extract custom artefacts as evidence from the target system.
Update the Citrix NetScaler server to one of the currently fixed versions: NetScaler ADC and NetScaler Gateway after versions 14.1-8.50, 13.1-49.50 and 13.0-92.19; NetScaler ADC FIPS after versions 13.1-37.164 and 12.1-55.300; and NetScaler ADC NDcPP after version 12.1-55.300.
- Citrix Bleed
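As an added example (not part of this advisory or of the Sniper tool), a small Python check that parses NetScaler version strings, either in the advisory's own "13.1-49.50" notation or as printed by `show version`, and compares them against the fixed builds listed above per product line. It assumes each listed build is the first patched build of its release branch (inclusive); the product labels, host names and inventory versions are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed builds as listed in the advisory above, keyed by product line.
# Assumption: each listed build is the first patched build of its release
# branch, so a build equal to or newer than it is treated as fixed.
FIXED_BUILDS: Dict[str, List[str]] = {
    "ADC/Gateway": ["14.1-8.50", "13.1-49.50", "13.0-92.19"],
    "ADC FIPS": ["13.1-37.164", "12.1-55.300"],
    "ADC NDcPP": ["12.1-55.300"],
}

# Accepts the advisory notation "13.1-49.13" as well as the
# `show version` notation "NetScaler NS13.1: Build 49.13.nc".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, build, sub) parsed from a NetScaler version string."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"unrecognised NetScaler version: {text!r}")
    major, minor, build, sub = (int(g) for g in m.groups())
    return major, minor, build, sub


def is_fixed(text: str, product: str = "ADC/Gateway") -> Optional[bool]:
    """True if the build is at or above the fixed build for its release branch,
    False if it is older, None if the advisory lists no fixed build for that
    branch (treat None as unpatched until confirmed with the vendor)."""
    major, minor, build, sub = parse_version(text)
    for fixed in FIXED_BUILDS[product]:
        f_major, f_minor, f_build, f_sub = parse_version(fixed)
        if (f_major, f_minor) == (major, minor):
            return (build, sub) >= (f_build, f_sub)
    return None


def main() -> None:
    # Constructed sample inventory; host names and versions are made up.
    inventory = [
        ("gw-01", "ADC/Gateway", "NetScaler NS13.1: Build 49.13.nc, Date: Aug 23 2023"),
        ("gw-02", "ADC/Gateway", "NetScaler NS14.1: Build 8.50.nc, Date: Oct 10 2023"),
        ("fips-01", "ADC FIPS", "12.1-55.291"),
        ("gw-03", "ADC/Gateway", "12.1-55.300"),
    ]
    labels = {True: "fixed", False: "VULNERABLE", None: "no fixed build listed"}
    for host, product, version in inventory:
        print(f"{host:8} {product:12} {labels[is_fixed(version, product)]}")


if __name__ == "__main__":
    main()
```

A `None` result means the branch has no fixed build in this list (for example 12.1 on ADC/Gateway), so it should be escalated rather than marked as safe.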