Critical Security Vulnerability for NetScaler ADC and NetScaler Gateway

On October 10, 2023, Citrix released a security bulletin disclosing two critical vulnerabilities in its flagship products: NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). These vulnerabilities are particularly concerning because, if successfully exploited, they could compromise the integrity and security of systems and data. Specifically, the vulnerabilities could lead to:

  • CVE-2023-4966: Sensitive information disclosure
  • CVE-2023-4967: Denial of service

[Figure: NetScaler CVE ID chart. Source: Citrix]

Affected NetScaler Versions

The following versions of NetScaler ADC and NetScaler Gateway are affected:

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
  • NetScaler ADC 13.1-FIPS before 13.1-37.164
  • NetScaler ADC 12.1-FIPS before 12.1-55.300
  • NetScaler ADC 12.1-NDcPP before 12.1-55.300

These vulnerabilities do not directly impact customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication, so those customers do not need to take immediate action.

Note also that NetScaler ADC and NetScaler Gateway version 12.1 is now End-of-Life (EOL) and remains vulnerable.

For more detailed information, please refer to the official Citrix security bulletin on the Citrix Knowledge Center.

Recommended Action

In light of these recent discoveries, OneNeck cannot emphasize enough the importance of timely action. We strongly urge all affected customers to prioritize the installation of the updated versions of NetScaler ADC and NetScaler Gateway. By doing so, you can ensure your systems’ continued security and integrity, safeguarding them against potential exploits.

We have some reassuring news for our valued customers utilizing OneNeck’s managed services. We’ve already initiated contact and are actively supporting you in addressing these vulnerabilities. Rest assured, we’re on top of this situation to ensure your systems remain secure.

OneNeck’s Commitment to Customer Security

At OneNeck, we prioritize the security of our customers. We understand the complexities and challenges of managing and updating IT infrastructure. Beyond these immediate concerns, we also offer Citrix Assurance Services as well as comprehensive patch management to ensure long-term system security and stability. As a trusted partner, we stand ready to help any customer needing support, whether for installing the necessary patches or for broader IT management solutions.

Additionally, we invite you to check out our Monthly Patching Blog series. It’s a valuable resource to keep you informed on the latest critical updates from our vendors, ensuring you’re always ahead of potential threats.

If you require assistance or have any concerns, please contact our Customer Care Center. Our team is ready and available to guide you through the update process and beyond, ensuring your systems remain secure and resilient.
