Citrix NetScaler Vulnerability Exploited as Zero-Day since August
October 18, 2023
A critical security flaw identified as CVE-2023-4966 in Citrix NetScaler ADC and NetScaler Gateway appliances has been exploited as a zero-day since late August, according to security researchers. The vulnerability, a sensitive information disclosure rated CVSS 9.4, was patched on October 10. It affects appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an authentication, authorization, and accounting (AAA) virtual server, and lets an unauthenticated remote attacker read sensitive data, including valid session tokens, from the appliance's memory.
On October 10, Citrix issued security bulletin CTX579459 urging customers to install the available update promptly, but the bulletin provided few technical details. Mandiant, a cybersecurity firm, reported that it had found evidence of CVE-2023-4966 being exploited in the wild since late August. The observed activity involved stealing authenticated session tokens and hijacking the associated accounts.
Mandiant stated, 'Successful exploitation could result in the ability to hijack existing authenticated sessions, therefore bypassing multifactor authentication or other strong authentication requirements.' The company also warned that sessions hijacked before the update remain valid after it is applied unless they are explicitly terminated: patching closes the leak but does not evict an attacker who already holds a stolen session token. Depending on the privileges of the hijacked account, the attacker could harvest credentials, compromise further accounts, or move laterally through the environment.
CVE-2023-4966 has been exploited to gain access to infrastructure belonging to government organizations and technology companies. In addition to applying the Citrix patch, Mandiant has published a document with further remediation recommendations for NetScaler ADC/Gateway administrators, including terminating all active sessions after the upgrade. The firm also advised prioritizing upgrades to the fixed firmware builds named in the Citrix bulletin: NetScaler ADC and Gateway 14.1-8.50 and later, 13.1-49.15 and later, 13.0-92.19 and later, 13.1-FIPS 13.1-37.164 and later, and 12.1-FIPS and 12.1-NDcPP 12.1-55.300 and later. Version 12.1 (non-FIPS) is end-of-life and receives no fix.
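Because stolen session tokens outlive the patch, the post-upgrade step that matters most is killing every existing session on the appliance. The NetScaler CLI sequence below is an added illustration, not text from the original article or from Mandiant's document; it uses the appliance's standard `kill`, `clear` and `show` commands (the `#` lines are annotations, not CLI input), and it assumes you are connected over SSH to the NSIP with an administrative account.

```console
# Added example, not part of the original article or Mandiant's document.
# Run only AFTER the appliance is on a fixed build: on an unpatched box the
# attacker can simply harvest fresh tokens once new sessions are created.

# 1. Record what is live right now, for the incident timeline.
show aaa session
show icaconnection

# 2. Terminate every active and persistent session type, so that tokens
#    captured before the upgrade stop being accepted.
kill icaconnection -all
kill rdp connection -all
kill pcoipConnection -all
kill aaa session -all
clear lb persistentSessions

# 3. Confirm that nothing survived the sweep.
show aaa session
```

Run the sequence on every affected appliance, including standby nodes in an HA pair, and treat the output of step 1 as evidence: accounts that had sessions open during the exposure window are candidates for credential rotation and for review of what those sessions accessed.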
This is the second zero-day flaw Citrix has addressed in these products this year. The previous one, CVE-2023-3519, a critical unauthenticated remote code execution vulnerability, was exploited in the wild before Citrix released a fix on July 18.