CVE-2023-4966

Description

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

From the Tenable Blog

CVE-2023-4966 (CitrixBleed): Invalidate Active or Persistent Sessions To Prevent Further Compromise

Published: 2023-12-06

Patching CitrixBleed isn’t enough; organizations need to invalidate active or persistent session tokens as the these tokens can be used to compromise networks and bypass authentication measures including multifactor authentication

Frequently Asked Questions for CitrixBleed (CVE-2023-4966)

Published: 2023-11-20

Frequently asked questions relating to a critical vulnerability in Citrix NetScaler that has been under active exploitation for over a month, including by ransomware groups.

CVE-2023-4966: Citrix NetScaler ADC and NetScaler Gateway Information Disclosure Exploited in the Wild

Published: 2023-10-18

A critical information disclosure vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway has been exploited in the wild as a zero-day vulnerability. Organizations are urged to patch immediately.

References

https://thehackernews.com/2025/04/critical-ivanti-flaw-actively-exploited.html

https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability

https://news.sophos.com/en-us/2025/04/02/2025-sophos-active-adversary-report/

https://www.securityweek.com/citrix-cisco-fortinet-zero-days-among-2023s-most-exploited-vulnerabilities/

https://www.tenable.com/blog/from-bugs-to-breaches-25-significant-cves-as-mitre-cve-turns-25

https://www.ic3.gov/Media/News/2024/241010.pdf

https://www.bleepingcomputer.com/news/security/embargo-ransomware-escalates-attacks-to-cloud-environments/

https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/

https://services.google.com/fh/files/misc/m-trends-2024.pdf

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-attacks-exploits

https://www.secureworks.com/blog/lockbit-in-action

https://blog.talosintelligence.com/talos-ir-quarterly-report-q4-2023/

https://www.tenable.com/blog/cve-2023-6548-cve-2023-6549-zero-day-vulnerabilities-netscaler-adc-gateway-exploited

https://isc.sans.edu/diary/rss/30498

https://www.tenable.com/blog/cve-2023-4966-citrixbleed-invalidate-sessions-to-prevent-compromise

https://therecord.media/hhs-warns-of-citrix-bleed-bug

https://cyberplace.social/@GossiTheDog/111502145876827515

https://cybernews.com/news/yanfeng-ransomware-attack-claimed-qilin/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-exploits-citrix-bleed-in-attacks-10k-servers-exposed/

https://cyberplace.social/@GossiTheDog/111408758925049114

https://www.theregister.com/2023/10/31/mass_exploitation_citrix_bleed/

https://www.mandiant.com/resources/blog/session-hijacking-citrix-cve-2023-4966

https://www.tenable.com/blog/cve-2023-4966-citrix-netscaler-adc-and-netscaler-gateway-information-disclosure-exploited-in

https://www.bleepingcomputer.com/news/security/recently-patched-citrix-netscaler-bug-exploited-as-zero-day-since-august/

https://support.citrix.com/article/CTX579459

http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3