Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway

May 6, 2024 at 08:20PM Citrix quietly addressed a vulnerability in its NetScaler ADC and Gateway appliances, similar to “CitrixBleed” but less serious. The flaw allowed attackers to occasionally capture sensitive information, although Citrix didn’t assign a CVE identifier. Bishop Fox reported the issue to Citrix in January, urging affected organizations to update their systems. … Read more

Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation

January 17, 2024 at 05:06AM Citrix published a security bulletin revealing that two zero-day vulnerabilities in NetScaler ADC and Gateway products are being exploited. CVE-2023-6548 allows remote execution of code, and CVE-2023-6549 enables DoS attacks. Citrix advises immediate patch installation. The vulnerabilities may be exploited in targeted attacks but are not expected to have significant … Read more

Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability

November 22, 2023 at 07:12AM Authorities in Australia, the US, and tech company Citrix have issued warnings about a critical vulnerability in the NetScaler product. Dubbed CitrixBleed, the bug allows information disclosure and affects Netscaler ADC and Gateway appliances configured as a gateway or AAA server. The flaw, which has been exploited since August and … Read more

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

November 22, 2023 at 12:36AM LockBit ransomware affiliates are actively exploiting a critical security flaw in Citrix NetScaler appliances to gain initial access to target environments. The flaw, known as Citrix Bleed, allows threat actors to bypass password requirements and multifactor authentication, enabling session hijacking and unauthorized access to data. The vulnerability, tracked as CVE-2023-4966, … Read more

Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway

November 1, 2023 at 10:23AM Thousands of Citrix NetScaler ADC and Gateway instances are vulnerable to a critical flaw, dubbed ‘Citrix Bleed’, that allows unauthenticated attackers to leak sensitive information. The vulnerability is actively being exploited by threat actors, including ransomware groups. Citrix has released patches, but roughly half of NetScaler customers have yet to … Read more

As Citrix Urges Its Clients to Patch, Researchers Release an Exploit

October 25, 2023 at 04:08PM A critical security update has been released for the Citrix NetScaler vulnerability, but an exploit is also available. The exploit is simpler to use and allows attackers to read session tokens and gain access to environments. Patching may not be enough as hijacked sessions can persist even after applying patches. … Read more

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

October 23, 2023 at 02:22PM Citrix warns admins to immediately secure NetScaler ADC and Gateway appliances against ongoing attacks exploiting the CVE-2023-4966 vulnerability. The vulnerability allows unauthenticated attackers to remotely exploit systems without user interaction. Mandiant reported that threat actors have been using this zero-day vulnerability to steal authentication sessions and hijack accounts since late … Read more

Recently patched Citrix NetScaler bug exploited as zero-day since August

October 18, 2023 at 08:02AM A critical vulnerability, known as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices has been actively exploited as a zero-day since late August. The issue allows attackers to access secrets in gateways configured as authentication, authorization, and accounting (AAA) virtual servers. Citrix has released a fix and urges customers to install the … Read more

Recent NetScaler Vulnerability Exploited as Zero-Day Since August

October 18, 2023 at 07:00AM A critical vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway has been exploited as a zero-day since August, according to Google’s Mandiant cybersecurity unit. The flaw allows attackers to leak sensitive information without authentication. Citrix released patches on October 10 and updated their advisory to warn customers of the observed … Read more

Citrix Patches Critical NetScaler ADC, Gateway Vulnerability

October 11, 2023 at 10:07AM Citrix has released patches for a critical vulnerability in NetScaler Application Delivery Controller (ADC) and NetScaler Gateway. The vulnerability, CVE-2023-4966, could lead to sensitive information disclosure and can be exploited without authentication. Citrix advises customers to upgrade their appliances to the supported versions. The company has also addressed a denial-of-service … Read more