'Mass exploitation' of Citrix Bleed underway as ransomware crews pile in
Citrix Bleed, the critical information-disclosure bug that affects NetScaler ADC and NetScaler Gateway, is now under "Mass exploitation," as thousands of Citrix NetScaler instances remain vulnerable, according to security teams.
In the past week, GreyNoise observed 137 individual IP addresses attempting to exploit this Citrix vulnerability.
Citrix disclosed and issued a patch for the flaw - CVE-2023-4966 - on October 10.
"Given the widespread adoption of Citrix in enterprises globally, we suspect the number of impacted organizations is far greater and in several sectors," the Google-owned threat-intel team wrote in a blog.
While the US government's Cybersecurity and Infrastructure Security Agency last Wednesday added CVE-2023-4966 to its Known Exploited Vulnerabilities Catalog, it still lists the vulnerability as "Unknown" in the "Used in ransomware campaigns" column.
Citrix declined to answer The Register's questions, including whether customers have reported the bug being exploited by ransomware groups.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/10/31/mass_exploitation_citrix_bleed/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-10 | CVE-2023-4966 | Unspecified vulnerability in Citrix products. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. | 7.5 |