It's time for another round of Citrix Patch Diffing! Earlier this month Citrix released a security bulletin which mentioned "unauthenticated buffer-related vulnerabilities" and two CVEs. These issues affected Citrix NetScaler ADC and NetScaler Gateway. We were interested in CVE-2023-4966, which was described as "sensitive information disclosure" and had a CVSS score of 9.4. The high score for an information disclosure vulnerability and the mention of "buffer-related vulnerabilities" piqued our interest. Our goal was to understand the vulnerability and develop a check for our Attack Surface Management platform.

For those unfamiliar with Citrix NetScaler, it is a network device providing load balancing, firewall and VPN services. NetScaler Gateway usually refers to the VPN and authentication components, whereas ADC refers to the load balancing and traffic management features. We have covered issues in NetScaler before here and here.

For those who want to just see the exploit or test for exposure, our proof-of-concept is available here. A demonstration of the script can be seen below.