Critical Security Vulnerability for NetScaler ADC and NetScaler Gateway

October 12, 2023 Zack Prichard


On October 10, 2023, Citrix released a security bulletin disclosing two critical vulnerabilities in its flagship products: NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly known as Citrix Gateway). These vulnerabilities are particularly concerning because, if successfully exploited, they could compromise the integrity and security of systems and data. Specifically, the vulnerabilities could lead to:

  • CVE-2023-4966: Sensitive information disclosure
  • CVE-2023-4967: Denial of service

Figure: NetScaler CVE ID chart (source: Citrix)

Affected NetScaler Versions

The following versions of NetScaler ADC and NetScaler Gateway are affected:

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
  • NetScaler ADC 13.1-FIPS before 13.1-37.164
  • NetScaler ADC 12.1-FIPS before 12.1-55.300
  • NetScaler ADC 12.1-NDcPP before 12.1-55.300

These vulnerabilities do not directly impact customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication, so those customers do not need to take immediate action.

Another important item to note is that NetScaler ADC and NetScaler Gateway version 12.1 is now End-of-Life (EOL) and remains vulnerable.

For more detailed information, please refer to the official Citrix security bulletin on the Citrix Knowledge Center.

Recommended Action

In light of these recent discoveries, OneNeck cannot emphasize enough the importance of timely action. We strongly urge all affected customers to prioritize the installation of the updated versions of NetScaler ADC and NetScaler Gateway. By doing so, you can ensure your systems’ continued security and integrity, safeguarding them against potential exploits.

We have some reassuring news for our valued customers utilizing OneNeck’s managed services. We’ve already initiated contact and are actively supporting you in addressing these vulnerabilities. Rest assured, we’re on top of this situation to ensure your systems remain secure.

OneNeck’s Commitment to Customer Security

At OneNeck, we prioritize the security of our customers. We understand the complexities and challenges of managing and updating IT infrastructure. Beyond these immediate concerns, we also offer Citrix Assurance Services as well as comprehensive patch management to ensure long-term system security and stability. As a trusted partner, we stand ready to help any customer needing support, whether for installing the necessary patches or for broader IT management solutions.

Additionally, we invite you to check out our Monthly Patching Blog series. It’s a valuable resource to keep you informed on the latest critical updates from our vendors, ensuring you’re always ahead of potential threats.

If you require assistance or have any concerns, please contact our Customer Care Center. Our team is ready and available to guide you through the update process and beyond, ensuring your systems remain secure and resilient.
