October 25, 2023 at 04:08PM
A critical security update has been released for the Citrix NetScaler vulnerability, but a public exploit is also available. The exploit is relatively simple to use and allows attackers to read session tokens and gain access to environments. Patching alone may not be enough, because hijacked sessions can persist even after the patch is applied. The vulnerability has been actively exploited since August, leaving organizations at risk.
Key takeaways from the meeting notes:
– There is a critical security vulnerability in Citrix NetScaler that has been actively exploited in the wild.
– Citrix released an urgent update for the vulnerability (CVE-2023-4966) on September 23, which was rated as “Critical” by Citrix and “High” by NIST.
– Researchers have published a proof-of-concept exploit for the vulnerability on GitHub, which is relatively simple to use.
– The exploit allows attackers to read session tokens, connect to the device as a standard user, and potentially access the environment with elevated privileges.
– NetScaler is widely used by over 400,000 organizations, including many Fortune 500 companies and critical industries.
– Patching the vulnerability may not be easy for organizations that require 24/7 uptime, and terminating active sessions may also be necessary to mitigate the risk.
– Threat actors have been exploiting the vulnerability since August, leaving a considerable window of opportunity for post-exploitation persistence and downstream access.