Security News > 2023 > October > Citrix urges 'immediate; patch for critical NetScaler bug as exploit POC made public
Citrix has urged admins to "Immediately" apply a fix for CVE-2023-4966, a critical information disclosure bug that affects NetScaler ADC and NetScaler Gateway, admitting it has been exploited.
Plus, there's a proof-of-concept exploit, dubbed Citrix Bleed, now on GitHub.
Six days after the Google-owned threat intel firm sounded the alarm, Citrix weighed in.
Oddly, Citrix didn't release any additional details about these targeted attacks, which Mandiant last week said were used to hit tech firms, government organizations, and professional services companies.
A Citrix spokesperson declined to comment on how many organizations have been compromised, and who or what the criminals are targeting in the attacks.
"The security bulletin and blog are the extent of our external statements at this time," the Citrix spokesperson told The Register.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/10/24/citrix_critical_patch/
Related news
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Adobe fixes Acrobat Reader zero-day with public PoC exploit (source)
- Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869) (source)
- Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) (source)
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
- Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) (source)
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-4966 | Unspecified vulnerability in Citrix products Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. | 7.5 |