Security News > 2023 > October > Recently patched Citrix NetScaler bug exploited as zero-day since August

Recently patched Citrix NetScaler bug exploited as zero-day since August
2023-10-18 11:01

A critical vulnerability tracked as CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been actively exploited as a zero-day since late August, security researchers announced.

A report from Mandiant disclosed that it found signs of CVE-2023-4966 being exploited in the wild since August for stealing authentication sessions and hijacking accounts.

Security researchers observed CVE-2023-4966 being exploited for access on infrastructure belonging to government organizations and technology companies.

New critical Citrix NetScaler flaw exposes 'sensitive' data.

Microsoft: State hackers exploiting Confluence zero-day since September.

Hackers hijack Citrix NetScaler login pages to steal credentials.


News URL

https://www.bleepingcomputer.com/news/security/recently-patched-citrix-netscaler-bug-exploited-as-zero-day-since-august/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-4966 Unspecified vulnerability in Citrix products
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. 
network
low complexity
citrix
7.5
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 117 20 177 76 63 336