Security
Headlines
HeadlinesLatestCVEs

Headline

Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms

Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information. Tracked as CVE-2023-4966 (CVSS score: 9.4), the vulnerability impacts the following supported versions -

NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50 NetScaler ADC and NetScaler Gateway 13.1 before

The Hacker News
#vulnerability#google#intel#rce#auth#zero_day#The Hacker News

Enterprise Security / Vulnerability

Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information.

Tracked as CVE-2023-4966 (CVSS score: 9.4), the vulnerability impacts the following supported versions -

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
  • NetScaler ADC and NetScaler Gateway 12.1 (currently end-of-life)
  • NetScaler ADC 13.1-FIPS before 13.1-37.164
  • NetScaler ADC 12.1-FIPS before 12.1-55.300, and
  • NetScaler ADC 12.1-NDcPP before 12.1-55.300

However, for exploitation to occur, it requires the device to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or authorization and accounting (AAA) virtual server.

While patches for the flaw were released on October 10, 2023, Citrix has now revised the advisory to note that “exploits of CVE-2023-4966 on unmitigated appliances have been observed.”

Google-owned Mandiant, in its own alert published Tuesday, said it identified zero-day exploitation of the vulnerability in the wild beginning in late August 2023.

“Successful exploitation could result in the ability to hijack existing authenticated sessions, therefore bypassing multi-factor authentication or other strong authentication requirements,” the threat intelligence firm said.

“These sessions may persist after the update to mitigate CVE-2023-4966 has been deployed.”

Mandiant also said it detected session hijacking where session data was stolen before the patch deployment, and subsequently used by an unspecified threat actor.

“The authenticated session hijacking could then result in further downstream access based upon the permissions and scope of access that the identity or session was permitted,” it further added.

“A threat actor could utilize this method to harvest additional credentials, laterally pivot, and gain access to additional resources within an environment.”

The threat actor behind the attacks has not been determined, but the campaign is said to have targeted professional services, technology, and government organizations.

In light of active abuse of the flaw and with Citrix bugs becoming a lightning rod for threat actors, it’s imperative that users move quickly to update their instances to the latest version to mitigate potential threats.

“Organizations need to do more than just apply the patch – they should also terminate all active sessions,” Mandiant CTO Charles Carmakal said. “Although this is not a remote code execution vulnerability, please prioritize the deployment of this patch given the active exploitation and vulnerability criticality.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

Zero-Days Win the Prize for Most Exploited Vulns

Among the top exploited zero-day vulnerabilities were bugs found in systems from Citrix and Cisco.

Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!

Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The flaws are listed below - CVE-2023-6548 (CVSS score: 5.5) - Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP with management

Xfinity Rocked with Data Breach Impacting 36 Million Users

By Deeba Ahmed The latest Xfinity data breach is linked to the critical Citrix Bleed vulnerability. This is a post from HackRead.com Read the original post: Xfinity Rocked with Data Breach Impacting 36 Million Users

Ransomware review: December 2023

In November, ransomware gangs attacked at least 457 victims—the highest monthly count in 2023, after May's record numbers.

Citrix Bleed widely exploitated, warn government agencies

Citrix Bleed is being actively exploited by at least six cybercrime groups.

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments. The joint advisory comes from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI),

Lockbit Ransomware Leaks Boeing Data Trove

By Deeba Ahmed Earlier, Boeing acknowledged a cyberattack amidst claims by the Lockbit ransomware gang of breaching its security and stealing data. This is a post from HackRead.com Read the original post: Lockbit Ransomware Leaks Boeing Data Trove

World’s Largest Bank ICBC Discloses Crippling Ransomware Attack

By Deeba Ahmed Reportedly, it was a ransomware attack orchestrated by the notorious LockBit gang. This is a post from HackRead.com Read the original post: World’s Largest Bank ICBC Discloses Crippling Ransomware Attack

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities using it. Especially Linux vulnerabilities as part of my new Linux Patch Wednesday project. And, of course, analyzed Microsoft Patch Tuesday as well. In addition, at the end of […]

You’d be surprised to know what devices are still using Windows CE

The Arid Viper threat actor is actively trying to install spyware on targeted devices in the Middle East, using fake dating apps as lures.

Mandiant Tracks Four Uncategorized Groups Exploiting Citrix Vulnerability

By Waqas Mandiant Investigates Zero-Day Exploitation in Citrix Vulnerability, CVE-2023-4966. This is a post from HackRead.com Read the original post: Mandiant Tracks Four Uncategorized Groups Exploiting Citrix Vulnerability

CVE-2023-4967: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server

As Citrix Urges Its Clients to Patch, Researchers Release an Exploit

In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide.

Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities

Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution. "An unauthenticated, malicious actor can inject files

Critical Citrix Bug Exploited as a Zero-Day, 'Patching Is Not Enough'

The latest threat to Citrix NetScaler, CVE-2023-4966, was exploited as a zero-day bug for months before a patch was issued. Researchers expect exploitation efforts to surge.

CVE-2023-4966: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. 

The Hacker News: Latest News

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case