Fixes issued for critical Citrix NetScaler vulnerability

Patches have been released by Citrix for a critical flaw affecting NetScaler Application Delivery Controller and NetScaler Gateway instances, which could be exploited to facilitate the disclosure of sensitive data without any authentication, according to SecurityWeek. Impacted by the vulnerability, tracked as CVE-2023-4966, are customer-managed NetScaler ADC and NetScaler Gateway versions 13.0, 13.1, and 14.1, as well as NetScaler ADC 12.1-NDcPP, 12.1-FIPS, and 13.1-FIPS, said Citrix. "NetScaler ADC and NetScaler Gateway version 12.1 is now End-of-Life (EOL) and is vulnerable. Customers are recommended to upgrade their appliances to one of the supported versions that address the vulnerabilities," Citrix added. Citrix has also fixed a high-severity denial-of-service bug, tracked as CVE-2023-4967, as part of the updates while offering hotfixes for five Citrix Hypervisor 8.2 CU1 LTSR bugs, which could be exploited to enable malicious code execution. "Note that there is not a one-to-one correlation between these hotfixes and the addressed issues; we recommend that you always apply all of the hotfixes," noted Citrix.