Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-4966
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Unauthenticated sensitive information disclosure
Source: NVD (National Vulnerability Database)
Vulnerability Description
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Citrix Systems NetScaler ADC和NetScaler Gateway 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Citrix Systems Citrix NetScaler Gateway(Citrix Systems Gateway)和Citrix Systems NetScaler ADC都是美国思杰系统(Citrix Systems)公司的产品。Citrix NetScaler Gateway是一套安全的远程接入解决方案。该方案可为管理员提供应用级和数据级管控功能,以实现用户从任何地点远程访问应用和数据。Citrix Systems NetScaler ADC是一个应用程序交付和安全平台。 NetScale
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
CitrixNetScaler ADC 14.1 ~ 8.50 -
CitrixNetScaler Gateway 14.1 ~ 8.50 -
II. Public POCs for CVE-2023-4966
#POC DescriptionSource LinkShenlong Link
1Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. https://github.com/Chocapikk/CVE-2023-4966POC Details
2Citrix CVE-2023-4966 from assetnote modified for parallel and file handlinghttps://github.com/dinosn/citrix_cve-2023-4966POC Details
3Proof Of Concept for te NetScaler Vulnhttps://github.com/mlynchcogent/CVE-2023-4966-POCPOC Details
4Nonehttps://github.com/IceBreakerCode/CVE-2023-4966POC Details
5Ansible Playbook for CVE-2023-4966https://github.com/ditekshen/ansible-cve-2023-4966POC Details
6CVE-2023-4966 - NetScaler ADC and NetScaler Gateway Memory Leak Exploithttps://github.com/0xKayala/CVE-2023-4966POC Details
7Parse citrix netscaler logs to check for signs of CVE-2023-4966 exploitationhttps://github.com/certat/citrix-logcheckerPOC Details
8An Exploitation script developed to exploit the CVE-2023-4966 bleed citrix information disclosure vulnerabilityhttps://github.com/sanjai-AK47/CVE-2023-4966POC Details
9Nonehttps://github.com/fdevsectest/CVE-2023-4966POC Details
10Scripts to get infoshttps://github.com/s-bt/CVE-2023-4966POC Details
11Programm to exploit a range of ip adresseshttps://github.com/byte4RR4Y/CVE-2023-4966POC Details
12Python script to search Citrix NetScaler logs for possible CVE-2023-4966 exploitation.https://github.com/jmussmann/cve-2023-4966-iocsPOC Details
13Simulates CVE-2023-4966 Citrix Bleed overread bughttps://github.com/morganwdavis/overreadPOC Details
14Proof Of Concept for te NetScaler Vulnhttps://github.com/senpaisamp/Netscaler-CVE-2023-4966-POCPOC Details
15An Exploitation script developed to exploit the CVE-2023-4966 bleed citrix information disclosure vulnerabilityhttps://github.com/RevoltSecurities/CVE-2023-4966POC Details
16Nonehttps://github.com/LucasOneZ/CVE-2023-4966POC Details
17CVE-2023-4966-exploithttps://github.com/akshthejo/CVE-2023-4966-exploitPOC Details
18The vulnerability would enable an attacker to remotely obtain sensitive information from a NetScaler appliance configured as a Gateway or AAA virtual server via a very commonly connected Web interface, and without requiring authentication. This bug is nearly identical to the Citrix Bleed vulnerability (CVE-2023-4966), except it is less likely to return highly sensitive information to an attacker. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/citrix/citrix-oob-memory-read.yamlPOC Details
19Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-4966.yamlPOC Details
20Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/Citrix%20NetScaler%20ADC%20&%20Gateway%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E%20CVE-2023-4966.mdPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2023-4966
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: NetScaler ADC
Same vendor: Citrix
Same weakness: CWE-119
V. Comments for CVE-2023-4966

No comments yet

Leave a comment