October 18, 2023 at 07:00AM
A critical vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway has been exploited as a zero-day since August, according to Google’s Mandiant cybersecurity unit. The flaw allows attackers to leak sensitive information without authentication. Citrix released patches on October 10 and later updated its advisory to warn customers of the observed exploitation. The vulnerability has been used in attacks targeting government, professional services, and technology organizations. Patching and other remediation measures are recommended to mitigate the risk.
Key Takeaways:
– A critical severity vulnerability in Citrix NetScaler ADC and NetScaler Gateway, tracked as CVE-2023-4966, has been exploited as a zero-day since August.
– The vulnerability can be exploited without authentication to leak sensitive information.
– Citrix released patches for this and another high-severity vulnerability on October 10, but did not initially mention potential exploitation.
– Citrix has updated its advisory to warn customers about observed in-the-wild exploitation and urges them to update their instances.
– The flaw has been addressed in certain versions of NetScaler ADC and Gateway.
– Mandiant warns that the vulnerability has been targeted in attacks against government, professional services, and technology organizations.
– Successful exploitation could allow attackers to hijack authenticated sessions and bypass stronger authentication methods.
– Mandiant recommends isolating affected instances, restricting access to unpatched appliances, updating the appliances, terminating active sessions after the update, and scanning for malicious activity.
– Organizations should consider rotating credentials and restricting ingress access to trusted IP addresses.
– Although the flaw is not a remote code execution vulnerability, patching should be prioritized because it is being actively exploited and is rated critical.