Due to ongoing attacks, Citrix has urged admins to immediately patch a critical sensitive information disclosure flaw affecting NetScaler ADC and NetScaler Gateway, tracked as CVE-2023-4966.
Citrix first issued a patch for affected devices on Oct. 10, assigning the flaw a 9.4/10 severity rating, as it is remotely exploitable by unauthenticated attackers in low-complexity attacks that require no user interaction. Although there was no evidence of in-the-wild exploitation when the fix was released, active exploitation was disclosed one week later. According to reports, cybercriminals have been abusing this vulnerability to hijack authentication sessions and steal corporate information since at least late August 2023. In addition, a proof-of-concept exploit is available on GitHub.
The gravity of this situation is highlighted by the Cybersecurity and Infrastructure Security Agency (CISA), which swiftly added CVE-2023-4966 to its Known Exploited Vulnerabilities Catalog. Federal agencies have been instructed to secure their systems against active exploitation by Nov. 8.
Nuspire applies patches when released, in accordance with vendor recommendations. Additionally, we actively hunt for threats within client environments to detect and mitigate any potential compromises.
Organizations using affected builds and configuring NetScaler ADC as a gateway (VPN virtual server, ICA proxy, CVPN, RDP proxy) or as an AAA virtual server are strongly urged to install the recommended builds immediately. In addition to applying the patch, organizations need to take extra measures to remediate the issue and reduce their risk: