Security News > 2023 > October > Citrix urges 'immediate; patch for critical NetScaler bug as exploit POC made public
Citrix has urged admins to "Immediately" apply a fix for CVE-2023-4966, a critical information disclosure bug that affects NetScaler ADC and NetScaler Gateway, admitting it has been exploited.
Plus, there's a proof-of-concept exploit, dubbed Citrix Bleed, now on GitHub.
Six days after the Google-owned threat intel firm sounded the alarm, Citrix weighed in.
Oddly, Citrix didn't release any additional details about these targeted attacks, which Mandiant last week said were used to hit tech firms, government organizations, and professional services companies.
A Citrix spokesperson declined to comment on how many organizations have been compromised, and who or what the criminals are targeting in the attacks.
"The security bulletin and blog are the extent of our external statements at this time," the Citrix spokesperson told The Register.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/10/24/citrix_critical_patch/
Related news
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-4966 | Unspecified vulnerability in Citrix products Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. | 7.5 |