change in severity

2023-10-25 06:28:44 +05:30 · 2023-10-25 06:28:44 +05:30 · 72df19dd8d
parent cdaa35cf93
commit 72df19dd8d
1 changed files with 4 additions and 4 deletions
--- a/http/cves/2023/CVE-2023-4966.yaml
+++ b/http/cves/2023/CVE-2023-4966.yaml
@ -3,7 +3,7 @@ id: CVE-2023-4966
 info:
  name: Citrix Bleed - Leaking Session Tokens
  author: DhiyaneshDK
-  severity: high
+  severity: critical
  description: |
    Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.
  reference:
@ -12,8 +12,8 @@ info:
    - https://x.com/assetnote/status/1716757539323564196?s=20
    - https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    cvss-score: 7.5
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
+    cvss-score: 9.4
    cve-id: CVE-2023-4966
    cwe-id: CWE-119
    epss-score: 0.00751
@ -23,7 +23,7 @@ info:
    verified: "true"
    max-request: 1
    shodan-query: title:"Citrix Gateway" || title:"Netscaler Gateway"
-  tags: cve,2023,citrix,adc,info-leak
+  tags: cve,2023,citrix,adc,info-leak,kev

 variables:
  payload: '{{repeat("a", 24812)}}'