Detections
Analytics
CVE-2023-4966
high
Description
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
From the Tenable Blog
CVE-2023-4966 (CitrixBleed): Invalidate Active or Persistent Sessions To Prevent Further Compromise
Published: 2023-12-06
Patching CitrixBleed isn’t enough; organizations need to invalidate active or persistent session tokens as the these tokens can be used to compromise networks and bypass authentication measures including multifactor authentication
Frequently Asked Questions for CitrixBleed (CVE-2023-4966)
Published: 2023-11-20
Frequently asked questions relating to a critical vulnerability in Citrix NetScaler that has been under active exploitation for over a month, including by ransomware groups.
CVE-2023-4966: Citrix NetScaler ADC and NetScaler Gateway Information Disclosure Exploited in the Wild
Published: 2023-10-18
A critical information disclosure vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway has been exploited in the wild as a zero-day vulnerability. Organizations are urged to patch immediately.
References
http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html
https://thehackernews.com/2025/04/critical-ivanti-flaw-actively-exploited.html
https://news.sophos.com/en-us/2025/04/02/2025-sophos-active-adversary-report/
https://www.ic3.gov/Media/News/2024/241010.pdf
https://services.google.com/fh/files/misc/m-trends-2024.pdf
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-attacks-exploits
https://www.secureworks.com/blog/lockbit-in-action
https://blog.talosintelligence.com/talos-ir-quarterly-report-q4-2023/
https://therecord.media/hhs-warns-of-citrix-bleed-bug
https://cyberplace.social/@GossiTheDog/111502145876827515
https://cybernews.com/news/yanfeng-ransomware-attack-claimed-qilin/
https://isc.sans.edu/diary/rss/30498
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a
https://cyberplace.social/@GossiTheDog/111408758925049114
https://www.theregister.com/2023/10/31/mass_exploitation_citrix_bleed/
https://www.mandiant.com/resources/blog/session-hijacking-citrix-cve-2023-4966
Details
Published: 2023-10-10
Updated: 2025-03-13
Named Vulnerability: CitrixBleedNamed Vulnerability: Citrix BleedKnown Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
Severity: High
CVSS v3
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: High
EPSS
EPSS: 0.94378
Vulnerability Watch
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Concern