Citrix Urges Immediate Patch for Critical NetScaler Vulnerability

Due to ongoing attacks, Citrix has urged admins to immediately patch a critical sensitive information disclosure flaw affecting NetScaler ADC and NetScaler Gateway, tracked as CVE-2023-4966.  

What are the details on the Citrix NetScaler vulnerability? 

Citrix first issued a patch for compromised devices on Oct. 10, assigning the flaw a 9.4/10 severity rating because it is remotely exploitable by unauthenticated attackers in low-complexity attacks that don’t require user interaction. While there was no evidence the vulnerability was being exploited in the wild when the fix was released, ongoing exploitation was disclosed one week later. According to reports, cybercriminals have been abusing this vulnerability to hijack authentication sessions and steal corporate info since at least late August 2023. In addition, there’s a proof-of-concept exploit available on GitHub.

The gravity of this situation is highlighted by the Cybersecurity and Infrastructure Security Agency (CISA), which swiftly added CVE-2023-4966 to its Known Exploited Vulnerabilities Catalog. Federal agencies have been instructed to secure their systems against active exploitation by Nov. 8.

What is Nuspire doing? 

Nuspire applies patches when released, in accordance with vendor recommendations. Additionally, we actively hunt for threats within client environments to detect and mitigate any potential compromises.  

How should I protect myself from the Citrix NetScaler vulnerability? 

Organizations using affected builds and configuring NetScaler ADC as a gateway (VPN virtual server, ICA proxy, CVPN, RDP proxy) or as an AAA virtual server are strongly urged to install the recommended builds immediately. In addition to applying the patch, organizations need to take extra measures to remediate the issue and reduce their risk: 

  • To ensure a smooth transition, isolate your NetScaler ADC and Gateway appliances for testing and preparation of patch deployment. This crucial step ensures that the process is well-managed and any potential issues are identified and resolved in a controlled environment. 
  • Upgrade vulnerable NetScaler ADC and Gateway appliances to the latest firmware versions. These updates are specifically designed to mitigate the vulnerability, making them a crucial component of your defense strategy. 
  • After upgrading, terminate all active and persistent sessions on each appliance. Because attackers have been abusing this flaw to hijack authentication sessions, a session established before the patch may already be compromised and stays usable until it is terminated.
  • If possible, reduce the external attack exposure and attack surface of NetScaler appliances by restricting ingress access to only trusted or predefined source IP address ranges. This extra layer of security limits potential points of entry for cybercriminals. 
