Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)

CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors.

Threat actors have been quick to leverage vulnerabilities in Citrix NetScaler ADC in the past, and this vulnerability is obviously no exception.

CVE-2023-4966 is a remotely and easily exploitable vulnerability that allows attackers to grab valid session tokens from the memory of vulnerable, internet-facing NetScaler devices.

A week later, Mandiant researchers revealed that attackers had been exploiting the vulnerability as a zero-day since late August 2023 to attack professional services, technology, and government organizations.

Mandiant pointed out that updating vulnerable devices is not enough to boot the attackers from them – they advised admins to terminate all active sessions and check whether the attackers left behind web shells or backdoors.

“Due to the lack of available log records or other artifacts of exploitation activity, as a precaution, organizations should consider rotating credentials for identities that were provisioned for accessing resources via a vulnerable NetScaler ADC or Gateway appliance,” Mandiant researchers noted.
