NetScaler - Information Disclosure (CVE-2023-4966)
90Exploiting IPs reported
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
CrowdSec analysis
CVE-2023-4966 is a critical vulnerability in NetScaler ADC and NetScaler Gateway, which can lead to sensitive information disclosure when the system is configured as a gateway or virtual server.
CrowdSec has been tracking this vulnerability and its exploits since 10th of March 2025.
According to CrowdSec data, while opportunistic exploitation dominates, a portion of threat actors trying to exploit CVE-2023-4966 apply basic targeting methods such as port or service detection. This indicates emerging patterns of selective targeting. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2023-4966 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2023-4966 is currently experiencing high visibility and active exploitation across the internet.
Observed exploitation attempts target URLs containing /oauth/idp/.well-known/openid-configuration.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.