Citrix has issued a warning to customers regarding ongoing attacks exploiting the CVE-2023-4966 vulnerability in its NetScaler ADC and NetScaler Gateway products. This vulnerability allows threat actors to steal authentication sessions and potentially bypass multifactor authentication [1] [3], posing a significant risk to organizations.


This critical information disclosure vulnerability [2] [5], with a CVSS score of 9.4 [5], has been classified as the highest severity level and has been added to the KEV Catalog by CISA [1]. It enables threat actors to exploit NetScaler ADC and Gateway devices, particularly targeting tech firms, government organizations [4], and professional services companies [4]. However, it is important to note that devices not configured as gateways or AAA virtual servers are not vulnerable to these attacks.

Citrix recommends that users immediately apply the patch to secure their appliances and mitigate the risk. Security experts also advise terminating all active sessions after installing the patch to fully protect against potential exploitation. Citrix has received reports of targeted attacks exploiting this vulnerability [4], highlighting the urgency for organizations to take action.


The exploitation of the CVE-2023-4966 vulnerability in Citrix’s NetScaler ADC and Gateway products poses a significant threat to organizations. By stealing authentication sessions and potentially bypassing multifactor authentication [1] [3], threat actors can gain unauthorized access to sensitive information. To mitigate this risk [5], it is crucial for users to promptly apply the patch and terminate all active sessions. Failure to do so may result in severe consequences for tech firms, government organizations [4], and professional services companies [4]. It is imperative that organizations remain vigilant and take proactive measures to secure their appliances and protect against future vulnerabilities.