'Mass exploitation' of Citrix Bleed underway as ransomware crews pile in
2023-10-31 20:45

Citrix Bleed, the critical information-disclosure bug that affects NetScaler ADC and NetScaler Gateway, is now under "mass exploitation," as thousands of Citrix NetScaler instances remain vulnerable, according to security teams.

In the past week, GreyNoise observed 137 individual IP addresses attempting to exploit this Citrix vulnerability.

Citrix disclosed and issued a patch for the flaw - CVE-2023-4966 - on October 10.

"Given the widespread adoption of Citrix in enterprises globally, we suspect the number of impacted organizations is far greater and in several sectors," the Google-owned threat-intel team wrote in a blog.

While the US government's Cybersecurity and Infrastructure Security Agency last Wednesday added CVE-2023-4966 to its Known Exploited Vulnerabilities Catalog, it still lists the vulnerability as "Unknown" in the "Used in ransomware campaigns" column.

Citrix declined to answer The Register's questions, including whether customers have reported the bug being exploited by ransomware groups.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/31/mass_exploitation_citrix_bleed/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2023-10-10 | CVE-2023-4966 | Unspecified vulnerability in Citrix products | 7.5

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

network, low complexity, citrix

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 66 2 64 101 46 213