Unauthenticated Out-of-Bounds Memory Read Vulnerability in Citrix NetScaler ADC and Gateway

Share :

On May 6, 2024, Bishop Fox publicly disclosed a vulnerability along with a proof of concept (PoC) exploit in Citrix NetScaler ADC and Gateway, identified as an unauthenticated out-of-bounds memory read issue in the components used for Authentication, Authorization, and Auditing (AAA). This vulnerability enables attackers to potentially retrieve sensitive data from the memory of the affected appliance including HTTP request bodies, which may contain credentials for accessing Citrix NetScaler ADC and gateway appliances, as well as cookies. A specific Common Vulnerabilities Exposures (CVE) ID for this vulnerability or Common Vulnerability Scoring System (CVSS) score is not available at this time. 

Although Arctic Wolf has not observed active exploitation of this vulnerability in the wild, Bishop Fox has stated this vulnerability is nearly identical to Citrix Bleed, a critical vulnerability exploited by multiple ransomware threat actors in late 2023 to target several industries, except it is less likely to return highly sensitive information to an attacker. Arctic Wolf assesses that threat actors are likely to draw their attention to this vulnerability due to the close similarities with Citrix Bleed and its potential impact upon exploitation. 


Upgrade To a Fixed Version of Citrix NetScaler ADC and Gateway

Arctic Wolf strongly recommends upgrading to version 13.1-51.15 or later to address this vulnerability. 

Affected Product  Affected Versions  Fixed Version 
Citrix NetScaler ADC and Gateway  13.1-50.23  13.1-51.15 or later 


Please follow your organization’s patching and testing guidelines to avoid any operational impact. 


Picture of Andres Ramos

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.
Share :
Table of Contents
Subscribe to our Monthly Newsletter