Citrix Bleed was assigned a CVSS rating of 9.4/10, making it a high-severity, critical information disclosure vulnerability. Much like this vulnerability, Citrix Bleed was exploitable only in instances where NetScaler ADC and Gateway devices were configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
This bug's inability to expose data of very high sensitivity separates it from CVE-2023-4966. "This bug is nearly identical to the Citrix Bleed vulnerability (CVE-2023-4966), except it's much less likely to return highly sensitive information to an attacker," the blog added.
Citrix silently patched the flaw
While the vulnerability has not been assigned a CVE ID, probably because Citrix has made no public disclosure about the vulnerability until now, it was observed to be fixed in NetScaler version 13.1-51.15.