On October 10, 2023, Citrix officially disclosed CVE-2023-4966, a vulnerability in its NetScaler software that is rated "critical" with a CVSS score of 9.4 and allows unauthorized access to corporate networks.
Greenbone reacted to these vulnerabilities early and implemented vulnerability tests for them. Greenbone customers running Citrix NetScaler Gateway or NetScaler ADC can therefore identify affected appliances in their scans and prioritize patching.
Nevertheless, the vulnerability is serious, which is why the BSI issues an urgent warning:
“The vulnerability allows attackers to disclose sensitive information without authentication. This allows authenticated sessions to be hijacked and multifactor authentication (MFA) or other means of authentication to be bypassed”.
The vulnerability has been actively exploited since the end of August and has been widely reported in the media. Users should install the patches provided by Citrix as soon as possible. Affected are NetScaler ADC and NetScaler Gateway 14.1, 13.1 and 13.0, as well as the NetScaler ADC 13.1-FIPS, 12.1-FIPS and 12.1-NDcPP builds; the regular 12.1 release is end of life, receives no fix and must be upgraded to a supported release. Because the flaw discloses session material, installing the patch does not invalidate sessions that were hijacked beforehand: Citrix recommends terminating all active and persistent sessions after the update (kill icaconnection -all, kill rdp connection -all, kill pcoipConnection -all, kill aaa session -all and clear lb persistentSessions). In addition to CVE-2023-4966, an advisory has been issued for CVE-2023-4967, which allows a denial of service (DoS).
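The affected-version list above is what a vulnerability test has to encode. As an added example (not Greenbone's feed code and not part of Citrix's advisory), the following Python script parses the banner that "show ns version" prints on a NetScaler and compares release and build against the first fixed builds published in Citrix advisory CTX579459. The hostnames and banners in SAMPLE_INVENTORY are constructed, and the FIPS/NDcPP variant is passed in by the operator rather than inferred from the banner, which is a simplification of this example.

```python
"""Triage NetScaler version banners against the CVE-2023-4966 fixed builds.

Added example: the fixed-build table is transcribed from Citrix advisory
CTX579459 (October 2023); the banners in SAMPLE_INVENTORY are constructed.
"""
import re
from typing import Optional

# First fixed (build, sub-build) per release line and variant, from Citrix
# advisory CTX579459. A build equal to or above the tuple is fixed.
FIXED_BUILDS = {
    ("14.1", "standard"): (8, 50),
    ("13.1", "standard"): (49, 15),
    ("13.0", "standard"): (92, 19),
    ("13.1", "fips"): (37, 164),
    ("12.1", "fips"): (55, 300),
    ("12.1", "ndcpp"): (55, 300),
}

# Citrix lists the regular 12.1 release as end of life with no fix:
# the only remedy is upgrading to a supported release.
EOL_RELEASES = {("12.1", "standard")}

# "show ns version" prints e.g. "NetScaler NS13.1: Build 49.13.nc, Date: ..."
_BANNER_RE = re.compile(r"NS(?P<release>\d+\.\d+):\s*Build\s+(?P<build>\d+)\.(?P<sub>\d+)")


def parse_version(banner: str) -> Optional[tuple[str, int, int]]:
    """Return (release, build, sub-build) from a version banner, or None."""
    match = _BANNER_RE.search(banner)
    if match is None:
        return None
    return match.group("release"), int(match.group("build")), int(match.group("sub"))


def assess(banner: str, variant: str = "standard") -> str:
    """Classify one appliance as patched, vulnerable, end-of-life or unknown.

    The variant ("standard", "fips", "ndcpp") is supplied by the operator;
    this example does not try to infer it from the banner.
    """
    parsed = parse_version(banner)
    if parsed is None:
        return "unknown"          # not a NetScaler banner, or the format changed
    release, build, sub = parsed
    key = (release, variant)
    if key in EOL_RELEASES:
        return "end-of-life"      # vulnerable, and no patch will ship for it
    fixed = FIXED_BUILDS.get(key)
    if fixed is None:
        return "unknown"          # release line not covered by the advisory
    # Tuple comparison orders by build first, then sub-build, so 50.1 > 49.15.
    return "patched" if (build, sub) >= fixed else "vulnerable"


def triage(inventory: dict[str, tuple[str, str]]) -> dict[str, str]:
    """Map each host to its status; inventory values are (banner, variant)."""
    return {host: assess(banner, variant) for host, (banner, variant) in inventory.items()}


# Constructed inventory for demonstration; hostnames and banners are not real.
SAMPLE_INVENTORY = {
    "gw-eu-1": ("NetScaler NS13.1: Build 49.13.nc, Date: Sep 22 2023, 03:23:33   (64-bit)", "standard"),
    "gw-eu-2": ("NetScaler NS13.1: Build 49.15.nc, Date: Oct 5 2023, 01:02:03   (64-bit)", "standard"),
    "adc-fips": ("NetScaler NS12.1: Build 55.289.nc, Date: Jul 3 2023, 10:00:00   (64-bit)", "fips"),
    "adc-old": ("NetScaler NS12.1: Build 55.289.nc, Date: Jul 3 2023, 10:00:00   (64-bit)", "standard"),
    "lb-unknown": ("F5 BIG-IP 17.1.0", "standard"),
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:<12} {status}")
```

A "patched" result only means the build no longer leaks session material; it says nothing about sessions that were hijacked before the update, which still have to be terminated on the appliance as described above. Treat "unknown" as a finding too, since an unparsable or uncovered banner usually means the inventory, not the appliance, is the problem.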
Keep your IT networks secure!
Vulnerability management is a key tool in securing IT networks. It enables you to identify and eliminate potential risks in your systems. The Greenbone Enterprise Feed is updated daily to detect new vulnerabilities. Therefore, we recommend regular updates and scans for all your systems. Please also read this article about IT security and the timeline of common attack vectors.
The Greenbone Enterprise Appliances are available as hardware appliances, as virtual appliances or as a cloud offering (Greenbone Cloud Service). Greenbone operates in compliance with the GDPR and builds on an open-source solution, which means strong data protection and source code that anyone can review for backdoors.