CVE-2023-4966

Citrix NetScaler 'CitrixBleed' — Session Token Memory Leak Enables Unauthenticated Session Hijacking on Gateway and AAA Endpoints
🔥 CVSS 3.1  9.4 / 10 — CRITICAL 🔴 CISA Known Exploited Vulnerability

Overview

Actively Exploited. This vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV) Catalog on October 18, 2023, with a remediation deadline of November 8, 2023. Federal agencies are required to apply mitigations per BOD 22-01.

CVE-2023-4966, nicknamed "CitrixBleed," is a sensitive information disclosure vulnerability in Citrix NetScaler ADC and NetScaler Gateway. A buffer over-read in the HTTP/S endpoint processing leaks contents of NetScaler memory — including active session tokens for authenticated VPN and application sessions. An unauthenticated attacker who obtains a valid session token can hijack that session, bypassing all authentication including multi-factor authentication, without knowing any user credentials.

Discovered by Mandiant as a zero-day in July 2023, CitrixBleed was exploited by nation-state actors for months before patching, then rapidly adopted by LockBit ransomware and other criminal groups following public disclosure. The exploitation is particularly insidious: patching alone is insufficient — session tokens harvested before patching remain valid until explicitly terminated.

What Is Citrix NetScaler ADC/Gateway?

Citrix NetScaler ADC (Application Delivery Controller, formerly Citrix ADC/NetScaler) and NetScaler Gateway are network appliances providing load balancing, SSL VPN, remote access, and application delivery. NetScaler Gateway is widely deployed as the VPN gateway for corporate remote access, providing employees access to internal applications. Compromise of a Gateway session token provides the same access as a fully authenticated, MFA-verified VPN session — typically full access to the internal corporate network.

Affected Versions

The vulnerability only affects devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. Devices configured in other modes are not affected.

NetScaler Version                | Vulnerable          | Fixed Version
NetScaler ADC and Gateway 14.1   | Before 14.1-8.50    | 14.1-8.50
NetScaler ADC and Gateway 13.1   | Before 13.1-49.15   | 13.1-49.15
NetScaler ADC and Gateway 13.0   | Before 13.0-92.19   | 13.0-92.19
NetScaler ADC 13.1-FIPS          | Before 13.1-37.164  | 13.1-37.164
NetScaler ADC 12.1-FIPS          | Before 12.1-55.300  | 12.1-55.300
NetScaler ADC 12.1-NDcPP         | Before 12.1-55.300  | 12.1-55.300
NetScaler ADC and Gateway 12.1   | End-of-life         | No patch — upgrade required
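As an added inventory helper (not from Citrix or this advisory), the following Python applies the table above to a single appliance entry. It assumes the version string in the MAJOR.MINOR-BUILD.SUB form NetScaler reports (for example 13.1-49.15) and an operator-supplied edition label, because the FIPS and NDcPP branches use the same version format as the standard builds.

```python
import re

# Fixed builds per branch, copied from the affected-versions table above.
# Key: (branch, edition). None means end-of-life: no fix exists, upgrade required.
FIXED_BUILDS = {
    ("14.1", "standard"): (8, 50),
    ("13.1", "standard"): (49, 15),
    ("13.0", "standard"): (92, 19),
    ("13.1", "fips"): (37, 164),
    ("12.1", "fips"): (55, 300),
    ("12.1", "ndcpp"): (55, 300),
    ("12.1", "standard"): None,
}

# NetScaler versions look like "13.1-49.15": branch 13.1, build 49, sub-build 15.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_version(version):
    """Split a version string into (branch, (build, sub_build)).
    Raises ValueError for anything not in MAJOR.MINOR-BUILD.SUB form."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version: {version!r}")
    major, minor, build, sub = (int(x) for x in m.groups())
    return f"{major}.{minor}", (build, sub)


def assess(version, edition="standard", gateway_or_aaa=True):
    """Classify an appliance as 'not-affected', 'patched', 'vulnerable',
    'eol' or 'unknown-branch'. edition is 'standard', 'fips' or 'ndcpp';
    gateway_or_aaa=False means no Gateway/AAA virtual server is configured,
    which the advisory treats as not affected regardless of build."""
    if not gateway_or_aaa:
        return "not-affected"
    branch, build = parse_version(version)
    key = (branch, edition.lower())
    if key not in FIXED_BUILDS:
        return "unknown-branch"
    fixed = FIXED_BUILDS[key]
    if fixed is None:
        return "eol"
    # Tuple comparison orders builds numerically, so 49.15 sorts above 49.9.
    return "patched" if build >= fixed else "vulnerable"
```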

Technical Details

Root Cause: Buffer Over-Read in HTTP/S Request Processing

The vulnerability is a buffer over-read (a form of CWE-119) in the NetScaler HTTP/S stack when processing requests to Gateway or AAA endpoints. An attacker sends a specially crafted HTTP GET request with a manipulated Content-Length or related header that causes the response handler to read beyond the intended buffer boundary in memory.

The leaked memory region contains data from active NetScaler session structures, including authentication tokens for currently authenticated VPN and application sessions. These tokens are the same NSC_AAAC and NSC_AAATM cookies issued to legitimate users after MFA-verified login.

Why MFA Does Not Protect Against CitrixBleed

When a user completes a Citrix Gateway login with MFA:

  1. MFA is verified; the Gateway issues a session token cookie.
  2. The session token is stored in NetScaler memory as part of the active session state.
  3. CitrixBleed leaks this in-memory token.
  4. The attacker presents the stolen token directly — MFA has already been satisfied for this session.

The attacker never needs to know the user's password or MFA code. The stolen token represents a fully authenticated session.

Critical: Patching Does Not Invalidate Stolen Sessions

Sessions established before patching remain valid after the patch is applied. An attacker who harvested tokens during the zero-day exploitation window retains persistent access until those sessions are explicitly terminated. This is why Citrix's remediation guidance specifically requires killing all active and persistent sessions in addition to patching.

Attack Characteristics

Attribute               | Detail
Attack Vector           | Network — NetScaler Gateway/AAA HTTPS endpoint
Authentication Required | None — unauthenticated over-read
MFA Bypass              | Yes — stolen post-MFA session token bypasses MFA entirely
Post-Patch Persistence  | Yes — harvested tokens remain valid until sessions are killed
Required Configuration  | Device must be in Gateway or AAA virtual server mode

Discovery

Mandiant discovered CVE-2023-4966 while responding to customer incidents and reported it to Citrix in July 2023. Mandiant confirmed exploitation in the wild beginning in late August 2023 — weeks before the patch was available. The exploitation during this window was attributed to a sophisticated threat actor consistent with nation-state behavior. After Citrix patched and Assetnote published the "CitrixBleed" name and technical details (including a PoC) on October 17, 2023, exploitation expanded rapidly to criminal groups.

Exploitation Context

CitrixBleed became one of the most impactful vulnerabilities of 2023:

  • LockBit ransomware was the primary criminal exploiter; in November 2023 LockBit used CitrixBleed to breach Boeing, DP World Australia (disrupting port operations nationally), Allen & Overy (global law firm), and ICBC Financial Services New York (disrupting US Treasury bond trading)
  • Nation-state exploitation: Mandiant confirmed pre-patch exploitation by a sophisticated threat actor; Google TAG and others confirmed multiple Chinese and Russian APT groups using CitrixBleed for initial access
  • Scale: Approximately 10,000 NetScaler instances were estimated to remain unpatched and exposed at peak exploitation
  • MFA irrelevance: CitrixBleed rendered MFA completely ineffective for protecting Gateway sessions, invalidating a primary defense many organizations relied upon
  • Healthcare and critical infrastructure: Multiple hospitals and critical infrastructure operators were among the victims

Remediation

CISA BOD 22-01 Deadline: November 8, 2023. Apply mitigations and kill all active and persistent sessions per vendor instructions OR discontinue use of the product if mitigations are unavailable.

Step 1: Patch

Upgrade to the fixed NetScaler version for your branch (see table above). NetScaler 12.1 is end-of-life; upgrade to a supported version.

Step 2: Kill All Sessions (Critical — Do Not Skip)

After patching, explicitly terminate all active and persistent sessions:

kill icaconnection -all
kill rdp connection -all
kill pcoipConnection -all
kill aaa session -all
clear lb persistentSessions

These commands must be run on each NetScaler appliance. Sessions established before patching remain valid and potentially compromised until terminated.

Step 3: Hunt for Compromise

Check for evidence of session token theft and use before patching:

  • Review NetScaler access logs for requests to Gateway/AAA endpoints from unusual source IPs, especially prior to the patch date
  • Use Mandiant's open-source Citrix IOC Scanner to identify indicators of compromise
  • Monitor for internal lateral movement from VPN subnet addresses that coincides with the exploitation window
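An added example of the log review described in this step (constructed here, not Citrix's or Mandiant's tooling). It assumes session-audit records already reduced to timestamp, username, a hash of the NSC_AAAC cookie and client source IP, plus an assumed per-appliance patch time, and it flags the two indicators this advisory's thesis predicts: one session cookie presented from a second source IP, and sessions that began before the patch and were still in use afterwards.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real NetScaler output). One session event per
# line: timestamp, username, hash of the NSC_AAAC session cookie, client source IP.
SAMPLE_RECORDS = """\
2023-10-09T08:00:00Z,alice,tok_a1,203.0.113.10
2023-10-09T09:30:00Z,alice,tok_a1,203.0.113.10
2023-10-09T11:05:00Z,alice,tok_a1,198.51.100.77
2023-10-09T12:00:00Z,bob,tok_b1,192.0.2.5
2023-10-11T07:00:00Z,bob,tok_b1,192.0.2.5
2023-10-11T08:15:00Z,carol,tok_c1,192.0.2.9
"""

# Assumed time at which this appliance was patched; set per appliance.
PATCH_TIME = datetime(2023, 10, 10, 12, 0)


def parse_records(text):
    """Parse the CSV-style records above into dicts, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, token, ip = line.strip().split(",")
        records.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                        "user": user, "token": token, "ip": ip})
    return records


def find_suspicious_sessions(records, patch_time=PATCH_TIME):
    """Return {token: [reasons]} for sessions needing review.
    'multi-ip': one cookie presented from more than one source IP, the trace a
    replayed stolen token leaves. 'pre-patch-still-active': the session began
    before patch_time and was still in use after it, so it must be killed."""
    by_token = defaultdict(list)
    for r in records:
        by_token[r["token"]].append(r)
    findings = {}
    for token, events in by_token.items():
        reasons = []
        if len({e["ip"] for e in events}) > 1:
            reasons.append("multi-ip")
        first = min(e["ts"] for e in events)
        last = max(e["ts"] for e in events)
        if first < patch_time <= last:
            reasons.append("pre-patch-still-active")
        if reasons:
            findings[token] = reasons
    return findings
```

Every token the function returns should be terminated with the kill commands in Step 2 and its user's activity reviewed, whether or not the patch is already applied.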

Step 4: Restrict Access

  • Place NetScaler management interfaces (NSIP) behind a jump host or VPN — management access should never be internet-exposed
  • Review which internal resources are accessible via Gateway and apply least-privilege network segmentation

Key Details

Property             | Value
CVE ID               | CVE-2023-4966
Vendor / Product     | Citrix — NetScaler ADC and NetScaler Gateway
NVD Published        | 2023-10-10
NVD Last Modified    | 2025-10-24
CVSS 3.1 Score       | 9.4
CVSS 3.1 Vector      | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Severity             | CRITICAL
CWE                  | CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer
CISA KEV Added       | 2023-10-18
CISA KEV Deadline    | 2023-11-08
Known Ransomware Use | Yes

CVSS 3.1 Breakdown

Attack Vector:       Network
Attack Complexity:   Low
Privileges Required: None
User Interaction:    None
Scope:               Unchanged
Confidentiality:     High
Integrity:           High
Availability:        Low

Required Action

CISA BOD 22-01 Deadline: 2023-11-08. Apply mitigations and kill all active and persistent sessions per vendor instructions OR discontinue use of the product if mitigations are unavailable.

Timeline

Date       | Event
2023-07-01 | Mandiant reports CVE-2023-4966 to Citrix; zero-day exploitation observed in the wild
2023-10-10 | Citrix releases patches for affected NetScaler versions; CVE-2023-4966 published
2023-10-17 | Assetnote publishes 'CitrixBleed' name and technical analysis including PoC
2023-10-18 | CISA adds CVE-2023-4966 to KEV catalog
2023-10-25 | Mandiant publishes analysis confirming nation-state exploitation prior to patch
2023-11-08 | CISA BOD 22-01 remediation deadline; LockBit ransomware confirmed exploiting CitrixBleed
2023-11-21 | Boeing, DP World Australia, Allen & Overy, and ICBC New York breached via CitrixBleed (LockBit)