On October 18, 2023, Citrix issued a warning about a critical security flaw in NetScaler ADC and Gateway appliances. This flaw, tracked as CVE-2023-4966, has a CVSS score of 9.4 and could expose sensitive information. The affected versions include NetScaler ADC and NetScaler Gateway 14.1, 13.1, 13.0, and 12.1. Exploitation requires the appliance to be configured as a Gateway or as an AAA (authentication, authorization, and accounting) virtual server.
Although patches were released on October 10, 2023, Citrix has observed exploits of the vulnerability on unmitigated devices. Mandiant, a threat intelligence firm owned by Google, reported zero-day exploitation of the vulnerability since late August 2023. Successful exploitation could allow an attacker to hijack authenticated sessions, bypass multi-factor authentication, and gain unauthorized access to resources.
The attacks have targeted professional services, technology, and government organizations. Users are advised to update their instances to the latest version and terminate all active sessions to mitigate potential threats.