January 16, 2024 at 03:33PM Citrix has warned customers to immediately patch their vulnerable Netscaler ADC and Gateway appliances against actively exploited zero-day vulnerabilities (CVE-2023-6548 and CVE-2023-6549). The company advises blocking network traffic to affected instances if updates cannot be deployed immediately, and separating the management interface from internet exposure to reduce the risk of … Read more
October 31, 2023 at 04:48PM The critical information-disclosure bug known as Citrix Bleed is being heavily exploited. Over 5,000 vulnerable servers have been identified on the public internet. Even after patching the flaw, session tokens can still be used. Multiple ransomware gangs are involved in the mass exploitation, and the vulnerability is being targeted across … Read more
October 25, 2023 at 11:30AM A proof-of-concept exploit has been released for the ‘Citrix Bleed’ vulnerability (CVE-2023-4966) allowing attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. The vulnerability was previously abused as a zero-day in limited attacks and Citrix has urged administrators to patch the flaw immediately. The … Read more
October 24, 2023 at 05:04PM Citrix has issued an urgent fix for a critical information disclosure bug, CVE-2023-4966, affecting NetScaler ADC and NetScaler Gateway, revealing that the exploit has been actively used. GitHub now hosts a proof-of-concept exploit named Citrix Bleed. Organizations using affected builds should assume they have been compromised, apply the update, and … Read more
October 18, 2023 at 09:15AM Citrix has issued a warning about a critical security flaw in its NetScaler ADC and Gateway appliances, known as CVE-2023-4966. The vulnerability could expose sensitive information and requires devices to be configured as a Gateway or AAA virtual server for exploitation to occur. Patches were released on October 10, 2023, … Read more