Critical Vulnerability in Citrix Products - November 17, 2023

Critical Vulnerability in Citrix Products

Friday, November 17, 2023

View Showroom

Company: ATM Industry Association

Please see the below key messages from the ACSC:

  • ASD is aware of multiple vulnerabilities related to Citrix products, and is aware of active exploitation in Australia.
    • Citrix NetScaler ADC (CVE-2023-3519) which allows a malicious actor to exploit a vulnerability and execute code remotely without authentication.
    • Citrix NetScaler Gateway (CVE-2023-4966), also known as CitrixBleed, which might allow a malicious actor to exploit a vulnerability to obtain sensitive information disclosure and conduct session hijacking.
  • ASD’s ACSC is aware of active exploitation attempts against Australian organisations. Australian organisations using unpatched Citrix products are at risk of malicious actors using these vulnerabilities to gain unauthorised access to their networks.
  • ASD’s ACSC strongly recommends that affected Australian organisations patch as soon as possible, and monitor for malicious activity.
  • ASD’s ACSC recommend organisations continue to refer to and Citrix’s website for updates.
  • Please contact the Australian Cyber Security Hotline 1300 CYBER1 (1300 292 371) for any questions, or report incidents related to these vulnerabilities via ReportCyber at

The full alert can be found here: Citrix Products NetScaler ADC and NetScaler Gateway Vulnerabilities |

Additional Resources from ATM Industry Association

ATM Industry Association White Papers
ATM Industry Association Press Releases / Blog Posts

Global Sponsor - Auriga
Global Sponsor - KAL
Global Sponsor - FIS
Global Sponsor - Diebold Nixdorf
Global Sponsor - Prosegur
Global Sponsor - Euronet Worldwide
Global Sponsor - DPL
Global Sponsor - PAI
Become a Global Sponsor
In This Section
Coronavirus Member Blogs
Special Offer Image ATM Security Association Image

Global Sponsors