Citrix NetScaler ADC 和 NetScaler Gateway 安全公告
針對CVE-2023-4966 和 CVE-2023-4967 漏洞,Citrix原廠已發布受影響範圍、版本及建議更新版本
| CVE ID | 描述 | 先決條件 | CWE |
| CVE-2023-4966 | 敏感信息洩漏 | 設備必須配置為 Gateway (VPN虛擬伺服器、ICA代理、CVPN、RDP代理) 或AAA虛擬伺服器 | CWE-119 |
| CVE-2023-4967 | 拒絕服務 | 設備必須配置為 Gateway (VPN虛擬伺服器、ICA代理、CVPN、RDP代理) 或AAA虛擬伺服器 | CWE-119 |
● NetScaler ADC and NetScaler Gateway 14.1-8.50 and later releases
● NetScaler ADC and NetScaler Gateway 13.1-49.15 and later releases of 13.1
● NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0
● NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS
● NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS
● NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP
註: NetScaler ADC 和 NetScaler Gateway 12.1 已EOL。建議升級至上述已解決漏洞或更高的版本。
官方公告:
針對 CVE-2023-4966 和 CVE-2023-4967 的 NetScaler ADC 和 NetScaler 閘道安全公告 (citrix.com)