Security News > 2023 > October > Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)
A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed.
They exploited CVE-2023-4966 to hijack existing authenticated sessions, which means that they were able to effectively bypass multifactor authentication requirements.
"These sessions may persist after the update to mitigate CVE-2023-4966 has been deployed. Additionally, we have observed session hijacking where session data was stolen prior to the patch deployment, and subsequently used by a threat actor," Mandiant noted.
"The authenticated session hijacking could then result in further downstream access based upon the permissions and scope of access that the identity or session was permitted. A threat actor could utilize this method to harvest additional credentials, laterally pivot, and gain access to additional resources within an environment."
In late August, a ransomware group targeted internet-facing unpatched Citrix NetScaler systems by leveraging CVE-2023-3519.
Citrix urges customers to update to a fixed version of NetScaler ADC and NetScaler Gateway as soon as possible.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-4966 | Unspecified vulnerability in Citrix products Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. | 7.5 |
| 2023-07-19 | CVE-2023-3519 | Code Injection vulnerability in Citrix products Unauthenticated remote code execution | 9.8 |