IRONSMITHINTEL
CRITICALCVSS9.4
|
Actively Exploited
|CISA KEV|CVE-2023-4966|Auth: none — unauthenticated|Reboot: required|Manual only

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability (CVE-2023-4966)

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Published Oct 10, 2023 · Updated May 17, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

A remote attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, partial service disruption. CISA has confirmed use of this vulnerability in known ransomware campaigns — treat as high priority for remediation. Federal agencies are required to remediate by 2023-11-08 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Buffer Overflow (CWE-119) vulnerability in Citrix NetScaler ADC and NetScaler Gateway. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server. Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.

📧

Phishing link

🖼

Malicious file

🔓

Server compromised

Am I affected?Quick check

Probably yes if any of these apply:

Network Security Team
Firewall Administrators
IT Security
Running netscaler application delivery controller: 12.1 ≤ v < 12.1-55.300, 13.0 ≤ v < 13.0-92.19, 13.1 ≤ v < 13.1-37.164, 13.1 ≤ v < 13.1-49.15, 14.1 ≤ v < 14.1-8.50; netscaler gateway: 13.0 ≤ v < 13.0-92.19, 13.1 ≤ v < 13.1-49.15, 14.1 ≤ v < 14.1-8.50
Real-world incidentsWhat we've seen

CISA confirms this CVE has been used in known ransomware campaigns. Added to the KEV catalog on 2023-10-18; federal agencies required to remediate by 2023-11-08.

How to patch

Manual remediation steps

1
Identify affected hosts: query inventory for network-security installs in scope.
2
Apply the vendor security update referenced in CVE-2023-4966's advisory. No specific KB/version is encoded yet — consult the linked MSRC/vendor URL.
3
Verify the fix per the vendor's published verification steps.
4
Document the remediation in your change ticket and re-scan with your vulnerability scanner to confirm closure.
PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2023-4966MSRC AdvisoryNVDVendor Advisory