Monday, May 5, 2025
HomeCyber Security NewsHackers Actively Exploiting Big-IP and Citrix Vulnerabilities

Hackers Actively Exploiting Big-IP and Citrix Vulnerabilities

Published on

SIEM as a Service

Follow Us on Google News

Experts issued security alerts concerning the ongoing exploitation of Big-IP (CVE-2023-46747, CVE-2023-46748) and Citrix (CVE-2023-4966) vulnerabilities.

The publicly available Proof of Concepts (POCs) for these vulnerabilities were rapidly circulated in cybercrime forums.

Over 20,000 “Netscaler” instances and 1,000 “Big IP” instances are available online.

- Advertisement - Google News

These systems might be attractive targets for attackers and might be exposed to current security flaws, according to Cyble researchers.

Details of the BIG IP Vulnerabilities:

The vulnerability, identified as CVE-2023-46747, allows an attacker having network access to the BIG-IP system over the management port and/or self-IP addresses to execute arbitrary system instructions.

Undisclosed requests could bypass configuration utility authentication.

The next vulnerability is tracked as CVE-2023-46748 in the BIG-IP Configuration utility. It allows an authenticated attacker to execute arbitrary system commands if they have network access to the Configuration utility through the BIG-IP management port or self-IP addresses.

BIG-IP
Top 5 Countries with the highest count of Internet-exposed BIG-IP Instances

F5 BIG-IP Virtual Edition is linked to CVE-2023-46747 and CVE-2023-46748. F5 has identified threat actors as using the CVE-2023-46747 vulnerability to launch attacks that take advantage of CVE-2023-46748.

Praetorian Labs security professionals found these vulnerabilities and made the information public on October 26, 2023.

They discovered an authentication bypass flaw that had the ability to result in a full compromise of F5 systems with an exposed Traffic Management User Interface (TMUI).

BIG-IP Versions Known to be Vulnerable:

  • 17.1.0
  • 16.1.0 – 16.1.4
  • 15.1.0 – 15.1.10
  • 14.1.0 – 14.1.5
  • 13.1.0 – 13.1.5
Document
Protect Your Storage With SafeGuard

Is Your Storage & Backup Systems Fully Protected? – Watch 40-second Tour of SafeGuard

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.

Mitigation

To mitigate this issue, you can run the script provided in the F5 advisory for BIG-IP versions 14.1.0 and later.

Citrix Vulnerability

With a critical CVSS score of 9.4, CVE-2023-4966 is categorized as a “sensitive information disclosure” vulnerability. Its elevated score for an information disclosure vulnerability makes it noteworthy.

NetScaler
Top 5 Countries with the highest count of Internet-exposed NetScaler Instances

Researchers at Assetnote examined and documented the exploitation of CVE-2023-4966.

Vulnerable Software Version(s)

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
  • NetScaler ADC 13.1-FIPS before 13.1-37.164
  • NetScaler ADC 12.1-FIPS before 12.1-55.300
  • NetScaler ADC 12.1-NDcPP before 12.1-55.300

Mitigation

Customers of NetScaler ADC and NetScaler Gateway are strongly encouraged by Citrix to install the appropriate upgraded versions of these products as soon as possible:

  • NetScaler ADC and NetScaler Gateway 14.1-8.50 and later releases
  • NetScaler ADC and NetScaler Gateway 13.1-49.15  and later releases of 13.1
  • NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0 
  • NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS 
  • NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS 
  • NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP

Since attackers are currently targeting the vulnerabilities, it is recommended that mitigations be applied as soon as possible.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...

RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals

The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...