Security News > 2023 > November > Citrix warns admins to kill NetScaler user sessions to block hackers

Citrix warns admins to kill NetScaler user sessions to block hackers
2023-11-21 16:36

Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks.

Kill icaconnection -all kill rdp connection -all kill pcoipConnection -all kill aaa session -all clear lb persistentSessions.

"Responding to the recently disclosed CVE-2023-4966, affecting Citrix NetScaler ADC and NetScaler Gateway appliances, CISA received four files for analysis that show files being used to save registry hives, dump the Local Security Authority Subsystem Service process memory to disk, and attempts to establish sessions via Windows Remote Management," CISA added in a Malware Analysis Repor also published today.

LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed.

Hackers use Citrix Bleed flaw in attacks on govt networks worldwide.

Citrix Bleed exploit lets hackers hijack NetScaler accounts.


News URL

https://www.bleepingcomputer.com/news/security/citrix-warns-admins-to-kill-netscaler-user-sessions-to-block-hackers/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-4966 Unspecified vulnerability in Citrix products
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. 
network
low complexity
citrix
7.5
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 116 19 175 79 65 338