Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)
2023-10-18 14:14

A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed.

The attackers exploited CVE-2023-4966 to hijack existing authenticated sessions, which let them effectively bypass multifactor authentication: a stolen session token is accepted as proof of a login that has already completed MFA, so the second factor is never prompted again.

"These sessions may persist after the update to mitigate CVE-2023-4966 has been deployed. Additionally, we have observed session hijacking where session data was stolen prior to the patch deployment, and subsequently used by a threat actor," Mandiant noted.

"The authenticated session hijacking could then result in further downstream access based upon the permissions and scope of access that the identity or session was permitted. A threat actor could utilize this method to harvest additional credentials, laterally pivot, and gain access to additional resources within an environment."

In late August, a ransomware group targeted internet-facing unpatched Citrix NetScaler systems by leveraging CVE-2023-3519, a separate unauthenticated remote code execution bug that Citrix had patched in July.

Citrix urges customers to update to a fixed version of NetScaler ADC and NetScaler Gateway as soon as possible. Because the update does not invalidate sessions that were hijacked before it was applied, patching should be paired with terminating all active and persistent sessions on the appliance, so that any session tokens stolen earlier stop working and affected users have to authenticate again.
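The two hunting checks that follow from Mandiant's observations, a session token replayed from a second source address and a session created before the patch that is still in use afterwards, as an added example that is not part of the article or of Mandiant's or Citrix's tooling. The log format is constructed for illustration and is not NetScaler's own ns.log syntax; the session IDs, usernames, addresses and the patch timestamp are made up, and the parser would have to be adapted to the real appliance or SIEM export.

```python
"""Hunt for hijacked Gateway sessions after CVE-2023-4966.

Added example, not code from the article, Mandiant or Citrix. The record
format below is a constructed, simplified one (timestamp, event, session id,
user, source IP); adapt parse_log() to whatever your appliance or SIEM emits.

Two signals are checked:
  1. one session ID seen from more than one source IP, i.e. a stolen token
     being replayed by an attacker alongside the legitimate user;
  2. a session created before the patch was applied that is still active
     afterwards, since the update does not terminate existing sessions.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records (hypothetical sessions, users and addresses).
# sess-1001: alice's token reused from a second address after the patch.
# sess-1002: bob logged out cleanly before the patch, should not be flagged.
# sess-1004: dave's legitimate pre-patch session still in use afterwards.
# sess-1003: carol logged in after the patch, should not be flagged.
SAMPLE_LOG = """\
2023-10-09T08:00:00Z LOGIN  sess-1001 alice 203.0.113.10
2023-10-09T08:05:00Z ACCESS sess-1001 alice 203.0.113.10
2023-10-09T10:00:00Z LOGIN  sess-1002 bob   203.0.113.22
2023-10-09T11:00:00Z ACCESS sess-1002 bob   203.0.113.22
2023-10-09T11:30:00Z LOGOUT sess-1002 bob   203.0.113.22
2023-10-09T16:00:00Z LOGIN  sess-1004 dave  203.0.113.44
2023-10-10T13:00:00Z ACCESS sess-1004 dave  203.0.113.44
2023-10-10T13:30:00Z ACCESS sess-1001 alice 198.51.100.77
2023-10-10T14:00:00Z LOGIN  sess-1003 carol 203.0.113.33
2023-10-10T15:00:00Z ACCESS sess-1003 carol 203.0.113.33
"""

# Assumed time at which the fixed build was installed (constructed value).
PATCH_APPLIED = datetime(2023, 10, 10, 12, 0, tzinfo=timezone.utc)


def parse_log(text):
    """Parse the constructed whitespace-separated format into dict records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, sid, user, ip = line.split()
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "event": event,
            "sid": sid,
            "user": user,
            "ip": ip,
        })
    return records


def sessions_with_multiple_ips(records):
    """Signal 1: session IDs used from more than one source address."""
    ips_by_session = defaultdict(set)
    for r in records:
        ips_by_session[r["sid"]].add(r["ip"])
    return {sid: sorted(ips) for sid, ips in ips_by_session.items() if len(ips) > 1}


def sessions_created_before_patch_still_active(records, patch_time):
    """Signal 2: sessions established before patch_time with ACCESS events after it."""
    created_at = {}
    active_after_patch = set()
    for r in records:
        if r["event"] == "LOGIN":
            created_at[r["sid"]] = r["ts"]
        elif r["event"] == "ACCESS" and r["ts"] > patch_time:
            active_after_patch.add(r["sid"])
    return sorted(sid for sid, ts in created_at.items()
                  if ts < patch_time and sid in active_after_patch)


def hunt(text, patch_time):
    """Run both checks over a log export and return the flagged session IDs."""
    records = parse_log(text)
    return {
        "multi_ip": sessions_with_multiple_ips(records),
        "pre_patch_still_active": sessions_created_before_patch_still_active(records, patch_time),
    }


if __name__ == "__main__":
    report = hunt(SAMPLE_LOG, PATCH_APPLIED)
    for sid, ips in report["multi_ip"].items():
        print(f"{sid}: used from {len(ips)} source addresses {ips} -> possible replayed token")
    for sid in report["pre_patch_still_active"]:
        print(f"{sid}: created before the patch and still active -> terminate and re-authenticate")
```

Run as a script it prints the flagged sessions; anything in either list should be terminated on the appliance and its user made to log in again, since the update alone leaves the session valid. A session that shows up in both lists, like the first sample session, is the pattern Mandiant describes: a token taken before the fix and replayed from the attacker's address after it.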


News URL

https://www.helpnetsecurity.com/2023/10/18/cve-2023-4966/

Related Vulnerabilities

DATE        CVE             VULNERABILITY TITLE                               RISK
2023-10-10  CVE-2023-4966   Unspecified vulnerability in Citrix products      7.5
            Sensitive information disclosure in NetScaler ADC and NetScaler
            Gateway when configured as a Gateway (VPN virtual server, ICA
            Proxy, CVPN, RDP Proxy) or AAA virtual server.
            Attack vector: network; attack complexity: low; vendor: citrix
2023-07-19  CVE-2023-3519   Code Injection vulnerability in Citrix products   9.8 critical
            Unauthenticated remote code execution (CWE-94)
            Attack vector: network; attack complexity: low; vendor: citrix

Related vendor

VENDOR   LAST 12M / #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Citrix   118                     20    177      80     65         342