
DETECTION OVERVIEW

Citrix NetScaler ADC and NetScaler Gateway Exploit - CVE-2023-4966

Risk Factors

Citrix NetScaler devices are exposed to the internet and the code that exploits this vulnerability is publicly available. An unauthenticated attacker can steal session tokens that help them bypass authentication and launch further attacks on additional networks.

Kill Chain

Exploitation

Risk Score

87


Attack Background

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway have a sensitive information disclosure vulnerability. To exploit this vulnerability, an unauthenticated attacker sends an HTTP request with a large amount of data (>21739 bytes) in the Host header. The victim processes the request, which results in a buffer overread. The memory beyond this buffer contains a global structure that can include a session token. When the victim sends a response with a 200 status code and a session token, the exploit is successful.
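The condition described above can be checked over recorded HTTP transactions; the following is an added example, not ExtraHop or Citrix code. The function names, the sample transactions and the 32-character hex-run heuristic for spotting a token in the response are assumptions made for illustration; only the 21739-byte threshold and the 200 status come from this page.

```python
import re

# Threshold from the page: Host header data larger than 21739 bytes.
HOST_OVERSIZE_BYTES = 21739
# Assumption (not from the page): a leaked token appears as a long hex run.
HEX_RUN = re.compile(rb"[0-9a-fA-F]{32,}")


def host_header_len(raw_request: bytes) -> int:
    """Return the byte length of the longest Host header value, 0 if absent."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    longest = 0
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            longest = max(longest, len(value.strip()))
    return longest


def classify(raw_request: bytes, status: int, resp_body: bytes) -> str:
    """Label one transaction: 'benign', 'attempt' or 'likely_success'."""
    if host_header_len(raw_request) <= HOST_OVERSIZE_BYTES:
        return "benign"
    # Per the page, a 200 response carrying a session token means success.
    if status == 200 and HEX_RUN.search(resp_body):
        return "likely_success"
    return "attempt"


def make_request(host: bytes) -> bytes:
    # Constructed sample request; the path is a placeholder.
    return b"GET /placeholder HTTP/1.1\r\nHost: " + host + b"\r\nAccept: */*\r\n\r\n"


# Constructed sample transactions (not captured traffic).
SAMPLES = [
    ("normal", make_request(b"gateway.example.com"), 200, b'{"ok":true}'),
    ("at_threshold", make_request(b"a" * 21739), 200, b"0" * 40),
    ("oversize_rejected", make_request(b"a" * 21740), 400, b"Bad Request"),
    ("oversize_200_hex", make_request(b"a" * 21740), 200, b"\x00" + b"9f" * 20),
]


def run_samples() -> dict:
    return {name: classify(req, st, body) for name, req, st, body in SAMPLES}


if __name__ == "__main__":
    print(run_samples())
```

Transactions labelled `likely_success` warrant invalidating active sessions on the device in addition to the upgrade, since a stolen token stays usable until the session ends.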

Mitigation Options

Upgrade to a fixed version

MITRE ATT&CK ID
