On October 10, 2023, Citrix released a security bulletin concerning the discovery of two critical vulnerabilities. This announcement highlighted vulnerabilities in their flagship products: NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly known as Citrix Gateway). These vulnerabilities are particularly concerning as, if successfully exploited, they could compromise the integrity and security of systems and data. Specifically, the vulnerabilities could lead to:
- CVE-2023-4966: Sensitive information disclosure
- CVE-2023-4967: Denial of service
Source: Citrix
Affected NetScaler Versions
The following versions of NetScaler ADC and NetScaler Gateway are affected:
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
- NetScaler ADC 13.1-FIPS before 13.1-37.164
- NetScaler ADC 12.1-FIPS before 12.1-55.300
- NetScaler ADC 12.1-NDcPP before 12.1-55.300
These vulnerabilities do not directly impact customers utilizing Citrix-managed cloud services or Citrix-managed Adaptive Authentication, and, as such, no immediate action is required.
Another important item to note is that NetScaler ADC and NetScaler Gateway version 12.1 is now End-of-Life (EOL) and remains vulnerable.
For more detailed information, please refer to the official Citrix security bulletin on the Citrix Knowledge Center.
Recommended Action
In light of these recent discoveries, OneNeck cannot emphasize enough the importance of timely action. We strongly urge all affected customers to prioritize the installation of the updated versions of NetScaler ADC and NetScaler Gateway. By doing so, you can ensure your systems’ continued security and integrity, safeguarding them against potential exploits.
We have some reassuring news for our valued customers utilizing OneNeck’s managed services. We’ve already initiated contact and are actively supporting you in addressing these vulnerabilities. Rest assured, we’re on top of this situation to ensure your systems remain secure.
OneNeck’s Commitment to Customer Security
At OneNeck, we prioritize the security of our customers. We understand the complexities and challenges of managing and updating IT infrastructure. Beyond these immediate concerns, we also offer Citrix Assurance Services as well as comprehensive patch management to ensure long-term system security and stability. As a trusted partner, we stand ready to help any customer needing support, whether for installing the necessary patches or for broader IT management solutions.
Additionally, we invite you to check out our Monthly Patching Blog series. It’s a valuable resource to keep you informed on the latest critical updates from our vendors, ensuring you’re always ahead of potential threats.
If you require assistance or have any concerns, please contact our Customer Care Center. Our team is ready and available to guide you through the update process and beyond, ensuring your systems remain secure and resilient.
