Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability (CVE-2023-4966) | allinfosecnews.com

Nov. 10, 2023, 6:38 p.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

What is the Attack?

According to the blog published by Citrix, CVE-2023-4966 is a buffer overflow vulnerability that can result in unauthorized data disclosure on Citrix NetScaler ADC and NetScaler Gateway products.

These products when configured as a gateway or as an authentication, authorization and auditing (AAA) virtual servers have this particular weakness. The advisory also states that the vulnerability is rated critical, and no workarounds are available. Only an upgrade to the affected products can mitigate the attack.

Why …

adc attack auditing authentication authorization blog buffer buffer overflow buffer overflow vulnerability citrix citrix netscaler citrix netscaler adc cve cve-2023-4966 data disclosure gateway netscaler netscaler adc netscaler gateway overflow products result servers virtual vulnerability what is

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

Google Chromium in Visuals Use-After-Free Vulnerability (CVE-2024-4671) 4 days, 18 hours ago | fortiguard.fortinet.com

browser can chrome chromium +15

GitLab Password Reset Vulnerability (CVE-2023-7028) 1 week ago | fortiguard.fortinet.com

account administrator attacker cisa +23

Tinyproxy use-after-free Vulnerability (CVE-2023-49606) 1 week, 2 days ago | fortiguard.fortinet.com

actor arbitrary code can code +21

ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) 1 week, 4 days ago | fortiguard.fortinet.com

access advisory application attackers +29

Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315) 2 weeks, 3 days ago | fortiguard.fortinet.com

CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) 2 weeks, 4 days ago | fortiguard.fortinet.com

attackers attacks cisa cisa known exploited vulnerabilities +27

ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359) 3 weeks, 3 days ago | fortiguard.fortinet.com

adaptive security advisory april arcanedoor +22

Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259) 3 weeks, 3 days ago | fortiguard.fortinet.com

access advisory akira akira ransomware +17

PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 1 month ago | fortiguard.fortinet.com

advisory attack code code injection +27

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368

@ Allen Integrated Solutions | Chantilly, Virginia, United States

View on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité

@ Hifield | Sèvres, France

View on infosec-jobs.com

Infrastructure Consultant

@ Telefonica Tech | Belfast, United Kingdom

View on infosec-jobs.com