Government and Tech Firms Targeted through Exploitation of Severe Citrix NetScaler Vulnerability

Citrix has issued a warning regarding the exploitation of a critical security flaw recently disclosed in NetScaler ADC and Gateway appliances. This flaw has the potential to expose sensitive information. The vulnerability, identified as CVE-2023-4966 and with a CVSS score of 9.4, affects several supported versions, including NetScaler ADC and Gateway 14.1, 13.1, 13.0, and 12.1.

To exploit this vulnerability, the device must be configured as a Gateway or an authentication, authorization, and accounting (AAA) virtual server. Although patches were released on October 10, 2023, Citrix states that exploits of CVE-2023-4966 have been observed in unmitigated appliances.

Mandiant, a threat intelligence firm owned by Google, has detected zero-day exploitation of this vulnerability since late August 2023. Successful exploitation of the flaw could result in the hijacking of existing authenticated sessions, bypassing multi-factor authentication and other security requirements. Hijacked sessions may persist even after the patch has been deployed, allowing threat actors to access additional resources within an environment. It is unknown who is behind the attacks, but professional services, technology, and government organizations have been targeted.

Given the active abuse of the flaw, it is crucial for users to promptly update their instances to the latest version to mitigate potential threats. Mandiant CTO Charles Carmakal advises organizations to not only apply the patch but also terminate all active sessions.
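The reason the advice is "patch and then terminate all sessions" rather than "patch" alone is that a fix closes the path by which session tokens leak, but it does nothing to tokens that were already copied. The following Python model, added here as an illustration and not Citrix or NetScaler code, shows that ordering with a hypothetical server-side session store: a token captured before the patch keeps validating after the patch and only stops working once every session is revoked. The `SessionStore`, `apply_patch` and `remediation_timeline` names and the logical clock values are constructed for the example.

```python
"""Model of session persistence across a patch, and of a revoke-everything step.

Added illustration in plain Python; not appliance code. All names here are
hypothetical stand-ins, and the attacker's copy of a token is a constructed
scenario, not a description of how the token was obtained.
"""
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    user: str
    issued_at: int      # logical clock tick, so the example is deterministic
    mfa_passed: bool


class SessionStore:
    """Server-side table of authenticated sessions keyed by bearer token."""

    def __init__(self) -> None:
        self._sessions: dict[str, Session] = {}
        # Revocation cutoff: any session issued before this tick is rejected,
        # even if a copy of the record survives somewhere (replica, cache).
        self.revoked_before = 0

    def issue(self, user: str, mfa_passed: bool, now: int) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, now, mfa_passed)
        return token

    def validate(self, token: str) -> Optional[Session]:
        s = self._sessions.get(token)
        if s is None or s.issued_at < self.revoked_before:
            self._sessions.pop(token, None)   # lazily prune revoked entries
            return None
        return s

    def terminate_all(self, now: int) -> int:
        """Revoke every session issued so far; returns how many were affected."""
        self.revoked_before = now
        return sum(1 for s in self._sessions.values() if s.issued_at < now)


def apply_patch(store: SessionStore) -> SessionStore:
    """Stands in for installing the fixed firmware: it changes nothing about
    sessions that already exist, which is exactly the problem."""
    return store


def remediation_timeline() -> dict[str, bool]:
    """Walk the sequence the article describes and report what an already
    captured token can do at each step."""
    store = SessionStore()
    victim_token = store.issue("alice", mfa_passed=True, now=1)
    captured = victim_token  # constructed: a copy an attacker already holds

    results = {}
    results["valid_before_patch"] = store.validate(captured) is not None

    store = apply_patch(store)
    # MFA was satisfied when the session was created, so the copied token
    # still carries an MFA-passed session: patching alone does not help here.
    results["valid_after_patch_only"] = store.validate(captured) is not None

    store.terminate_all(now=3)
    results["valid_after_terminate"] = store.validate(captured) is not None

    # Legitimate users simply log in again and get a fresh session.
    fresh = store.issue("alice", mfa_passed=True, now=4)
    results["fresh_login_works"] = store.validate(fresh) is not None
    return results


if __name__ == "__main__":
    for step, ok in remediation_timeline().items():
        print(f"{step:24s} {'VALID' if ok else 'rejected'}")
```

Run as a script it prints the four steps; the captured token reads VALID before and after the patch and is rejected only after `terminate_all`. The revocation cutoff is kept as a timestamp rather than by clearing the table so that a stale copy of a session record reintroduced later (from a replica or a cache) is still refused.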
