Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)
2023-10-30 11:37

CVE-2023-4966, aka "Citrix Bleed", a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors.

Threat actors have been quick to leverage vulnerabilities in Citrix NetScaler ADC in the past, and this vulnerability is obviously no exception.

CVE-2023-4966 is a remotely and easily exploitable vulnerability that allows attackers to grab valid session tokens from the memory of vulnerable, internet-facing NetScaler devices.

A week later, Mandiant researchers revealed that the vulnerability has been exploited as a zero-day by attackers since late August 2023, to attack professional services, technology, and government organizations.

Mandiant pointed out that updating vulnerable devices is not enough to boot the attackers from them - they advised admins to terminate all active sessions and check whether the attackers left behind web shells or backdoors.

"Due to the lack of available log records or other artifacts of exploitation activity, as a precaution, organizations should consider rotating credentials for identities that were provisioned for accessing resources via a vulnerable NetScaler ADC or Gateway appliance," Mandiant researchers noted.


News URL

https://www.helpnetsecurity.com/2023/10/30/cve-2023-4966-exploited/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2023-10-10 | CVE-2023-4966 | Unspecified vulnerability in Citrix products. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. (network, low complexity, citrix) | 7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 66 2 64 101 46 213
Progress 28 0 56 50 31 137