Citrix issued an alert (10/10/2023) about a critical vulnerability (CVE-2023-4966) in all NetScaler (Citrix ADC) & Gateway systems. Several working exploits have been published.
Please note that simply updating the systems is not enough. The connection tokens must also be reset.
Important ! There are no patches for NetScaler (Citrix ADC) version 12.1 or older. These systems have reached their EOL and will therefore no longer be equipped with the necessary fix. In this case please update to the latest 13.0, 13.1 or 14.1 version.
The vulnerability allows anonymous remote code execution and thus unauthenticated attackers to take over various machines with root privileges.
Continue reading “Checklist for NetScaler (Citrix ADC) CVE-2023-4966”