Wednesday, April 24, 2024

Hackers Actively Exploiting Big-IP and Citrix Vulnerabilities

Experts issued security alerts concerning the ongoing exploitation of Big-IP (CVE-2023-46747, CVE-2023-46748) and Citrix (CVE-2023-4966) vulnerabilities.

The publicly available Proof of Concepts (POCs) for these vulnerabilities were rapidly circulated in cybercrime forums.

Over 20,000 “Netscaler” instances and 1,000 “Big IP” instances are available online.

These systems might be attractive targets for attackers and might be exposed to current security flaws, according to Cyble researchers.

Details of the BIG IP Vulnerabilities:

The vulnerability, identified as CVE-2023-46747, allows an attacker having network access to the BIG-IP system over the management port and/or self-IP addresses to execute arbitrary system instructions.

Undisclosed requests could bypass configuration utility authentication.

The next vulnerability is tracked as CVE-2023-46748 in the BIG-IP Configuration utility. It allows an authenticated attacker to execute arbitrary system commands if they have network access to the Configuration utility through the BIG-IP management port or self-IP addresses.

Top 5 Countries with the highest count of Internet-exposed BIG-IP Instances

F5 BIG-IP Virtual Edition is linked to CVE-2023-46747 and CVE-2023-46748. F5 has identified threat actors as using the CVE-2023-46747 vulnerability to launch attacks that take advantage of CVE-2023-46748.

Praetorian Labs security professionals found these vulnerabilities and made the information public on October 26, 2023.

They discovered an authentication bypass flaw that had the ability to result in a full compromise of F5 systems with an exposed Traffic Management User Interface (TMUI).

BIG-IP Versions Known to be Vulnerable:

  • 17.1.0
  • 16.1.0 – 16.1.4
  • 15.1.0 – 15.1.10
  • 14.1.0 – 14.1.5
  • 13.1.0 – 13.1.5
Protect Your Storage With SafeGuard

Is Your Storage & Backup Systems Fully Protected? – Watch 40-second Tour of SafeGuard

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.


To mitigate this issue, you can run the script provided in the F5 advisory for BIG-IP versions 14.1.0 and later.

Citrix Vulnerability

With a critical CVSS score of 9.4, CVE-2023-4966 is categorized as a “sensitive information disclosure” vulnerability. Its elevated score for an information disclosure vulnerability makes it noteworthy.

Top 5 Countries with the highest count of Internet-exposed NetScaler Instances

Researchers at Assetnote examined and documented the exploitation of CVE-2023-4966.

Vulnerable Software Version(s)

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
  • NetScaler ADC 13.1-FIPS before 13.1-37.164
  • NetScaler ADC 12.1-FIPS before 12.1-55.300
  • NetScaler ADC 12.1-NDcPP before 12.1-55.300


Customers of NetScaler ADC and NetScaler Gateway are strongly encouraged by Citrix to install the appropriate upgraded versions of these products as soon as possible:

  • NetScaler ADC and NetScaler Gateway 14.1-8.50 and later releases
  • NetScaler ADC and NetScaler Gateway 13.1-49.15  and later releases of 13.1
  • NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0 
  • NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS 
  • NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS 
  • NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP

Since attackers are currently targeting the vulnerabilities, it is recommended that mitigations be applied as soon as possible.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.


Latest articles

Researchers Uncover that UK.GOV Websites Sending Data to Chinese Ad Vendor Analysts

Analysts from Silent Push, a data analytics firm, have uncovered several UK government websites...

Ransomware Victims Who Opt To Pay Ransom Hits Record Low

Law enforcement operations disrupted BlackCat and LockBit RaaS operations, including sanctions on LockBit members...

IBM Nearing Talks to Acquire Cloud-software Provider HashiCorp

IBM is reportedly close to finalizing negotiations to acquire HashiCorp, a prominent cloud infrastructure...

Rewards Up to $10 Million for Information on Iranian Hackers

The United States Justice Department has announced big rewards for information leading to the...

PoC Exploit Released For Critical Oracle VirtualBox Vulnerability

Oracle Virtualbox was identified and reported as having a critical vulnerability associated with Privilege...

Tracing the Steps of Cyber Intruders: The Path of Lateral Movement

When cyber attacks strike, it's rarely a single computer that suffers. Nowadays, cybercriminals set...

U.S. to Impose Visa Restrictions on 13 Individuals Involved in Commercial Spyware Operations

To combat the misuse of commercial spyware, the United States Department of State has...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.


Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles