Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)

A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed.

They exploited CVE-2023-4966 to hijack existing authenticated sessions, which means that they were able to effectively bypass multifactor authentication requirements.

“These sessions may persist after the update to mitigate CVE-2023-4966 has been deployed. Additionally, we have observed session hijacking where session data was stolen prior to the patch deployment, and subsequently used by a threat actor,” Mandiant noted.

“The authenticated session hijacking could then result in further downstream access based upon the permissions and scope of access that the identity or session was permitted. A threat actor could utilize this method to harvest additional credentials, laterally pivot, and gain access to additional resources within an environment.”

In late August, a ransomware group targeted internet-facing unpatched Citrix NetScaler systems by leveraging CVE-2023-3519.

Citrix urges customers to update to a fixed version of NetScaler ADC and NetScaler Gateway as soon as possible.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

Recent News

Featured Services

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

BOOK A MEETING

Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.