Description |
CVE-2023-4966 is a critical sensitive information disclosure vulnerability in Citrix NetScaler ADC and NetScaler Gateway. An appliance is affected when it is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.
The root cause is a buffer over-read (an out-of-bounds read of process memory) rather than a classic overflow: an unauthenticated remote attacker can cause the appliance to return memory contents, which may include valid session authentication tokens. Replaying a stolen token gives the attacker an authenticated session without ever presenting credentials, so MFA is bypassed. The vulnerability therefore poses a risk of unauthorized access, data breaches, and system compromise. Note that upgrading alone does not invalidate sessions that were already stolen; Citrix's guidance is to terminate all active and persistent sessions (ICA, RDP, PCoIP, AAA and load-balancer persistence sessions) after applying the fixed build.
This article describes how FortiDAST assesses a target for this sensitive information disclosure vulnerability in Citrix NetScaler ADC and NetScaler Gateway. |
Scope | FortiDAST Scripting Engine updated in version 24.1 |
Solution |
Detection of this vulnerability is provided by the FortiDAST Scripting Engine (FSE). For reference, a step-by-step guide on how to configure FortiDAST to trigger FSE can be found on Fortinet's blog: |
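The FortiDAST check above is an active, black-box scan. As an added example that is not part of this article or of FortiDAST, the following Python helper performs the complementary offline triage an operator can run against data collected from the appliance itself: it parses the banner from `show ns version`, compares the build against the minimum fixed builds published in Citrix advisory CTX579459 (verify these numbers against the current advisory before relying on them), and scans an `ns.conf` excerpt for the Gateway or AAA virtual servers that put the device in an affected configuration. The `variant` parameter (for FIPS and NDcPP firmware lines) and the exact `ns.conf` line forms are assumptions about how your appliance reports them; the sample banner and configuration are constructed, not captured from a real device.

```python
"""Offline triage helper for CVE-2023-4966 exposure (added example, not FortiDAST code)."""
import re

# Minimum fixed builds per release branch, as published in Citrix advisory
# CTX579459 for CVE-2023-4966 (assumption: check the current advisory before
# relying on these numbers). Builds are compared as (major, minor) int tuples.
FIXED_BUILDS = {
    "14.1": (8, 50),
    "13.1": (49, 15),
    "13.0": (92, 19),
    "13.1-FIPS": (37, 164),
    "12.1-FIPS": (55, 300),
    "12.1-NDcPP": (55, 300),
}

# Matches the first line of `show ns version`, e.g.
# "NetScaler NS13.0: Build 92.18.nc, Date: Sep 11 2023, 12:24:33   (64-bit)"
VERSION_RE = re.compile(
    r"NetScaler NS(?P<branch>\d+\.\d+): Build (?P<major>\d+)\.(?P<minor>\d+)"
)

# Virtual server types whose presence puts the appliance in an affected
# configuration (Gateway or AAA), as their `add` lines appear in ns.conf.
EXPOSED_VSERVER_RE = re.compile(r"^add (vpn|authentication) vserver\s+(\S+)", re.M)


def parse_version(banner):
    """Return (branch, (build_major, build_minor)) from a version banner."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised NetScaler version banner: {banner!r}")
    return m.group("branch"), (int(m.group("major")), int(m.group("minor")))


def build_status(branch, build, variant=None):
    """Classify a build as 'patched', 'vulnerable' or 'unknown-branch'.

    `variant` is "FIPS" or "NDcPP" for those firmware lines; the banner alone
    does not distinguish them, so the caller supplies it (assumption).
    """
    key = f"{branch}-{variant}" if variant else branch
    fixed = FIXED_BUILDS.get(key)
    if fixed is None:
        # e.g. 12.1 standard, which is end of life and has no fixed build
        return "unknown-branch"
    return "patched" if build >= fixed else "vulnerable"


def exposed_vservers(ns_conf):
    """List (type, name) for every Gateway/AAA virtual server in ns.conf."""
    return EXPOSED_VSERVER_RE.findall(ns_conf)


def triage(banner, ns_conf, variant=None):
    """Combine the version and configuration checks into one verdict."""
    branch, build = parse_version(banner)
    status = build_status(branch, build, variant)
    exposed = exposed_vservers(ns_conf)
    return {
        "branch": branch,
        "build": build,
        "status": status,
        "exposed_vservers": exposed,
        # At risk only when the build is unpatched *and* an affected
        # configuration is present; an unknown branch is reported, not assumed.
        "at_risk": status == "vulnerable" and bool(exposed),
    }


# Constructed sample input (not captured from a real appliance).
SAMPLE_BANNER = "NetScaler NS13.0: Build 92.18.nc, Date: Sep 11 2023, 12:24:33   (64-bit)"
SAMPLE_NS_CONF = """\
add lb vserver web_lb HTTP 10.0.0.7 80
add vpn vserver gw_vs SSL 10.0.0.5 443
add authentication vserver aaa_vs SSL 10.0.0.6 443
"""

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_NS_CONF))
```

A build that is already at or above the fixed level still needs the session clean-up described in the Description: the script only tells you whether the appliance is currently exploitable, not whether tokens were leaked before it was patched. An `unknown-branch` result (for example a 12.1 standard build) should be treated as a finding in its own right, since that branch has no fixed build and must be upgraded.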
Copyright 2024 Fortinet, Inc. All Rights Reserved.