CitrixBleed Flaw Widely Exploited, Primarily by a Ransomware Gang

At the end of October, AssetNote released a proof-of-concept for the CVE-2023–4966 associated with sensitive information disclosure for Citrix Netscaler ADC devices and was given a severity rating of 9.4 (Critical).

After the release of PoC, there seems to be a mass exploitation of this vulnerability by threat actors. However, the technical details of this vulnerability were already obtained by threat actors and are currently being exploited in the wild.

CVE-2023-4966: Sensitive Data Exposure in Citrix Netscaler ADC

Threat actors can exploit this vulnerability to gain memory access to the affected devices. This memory also holds the session tokens, which allow the login bypass and all multi-factor authentications.

Moreover, once threat actors gain complete authentication over the device, they can perform various malicious actions.

Source: Double Pulsar

Additional reports indicate that this vulnerability is being exploited by random people who are just owning anything to extract the session tokens. This report was extracted from GreyNoise Honeypots.

This security flaw is currently being exploited at a large scale, as per Kevin Beaumont’s observation. Previously, it was only utilized for targeted exploitation to gain access to a network and had not spread widely.

CVE IDAffected ProductsFixed in Version
CVE-2023-4966NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50NetScaler ADC and NetScaler Gateway 14.1-8.50 and later releases
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15NetScaler ADC and NetScaler Gateway 13.1-49.15 and later releases of 13.1
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0
NetScaler ADC 13.1-FIPS before 13.1-37.164NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS
NetScaler ADC 12.1-FIPS before 12.1-55.300NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS
NetScaler ADC 12.1-NDcPP before 12.1-55.300NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP

It is recommended for organizations to upgrade to the latest versions of Citrix Netscaler ADC to prevent this vulnerability from getting exploited.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.

Eswar

Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Chinese APT Hackers Using Multiple Tools And Vulnerabilities To Attack Telecom Orgs

Earth Estries, a Chinese APT group, has been actively targeting critical sectors like telecommunications and…

2 hours ago

200,000 WordPress Sites Exposed to Cyber Attack, Following Plugin Vulnerability

A critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk, which…

7 hours ago

Beware Of SpyLoan Apps Exploits Social Engineering To Steal User Data

SpyLoan apps, a type of PUP, are rapidly increasing, exploiting social engineering to deceive users…

9 hours ago

Researchers Detailed Tools Used By Hacktivists Fueling Ransomware Attacks

CyberVolk, a politically motivated hacktivist group, has leveraged readily available ransomware builders like AzzaSec, Diamond,…

9 hours ago

Blue Yonder Ransomware Attack Impacts Starbucks & Multiple Supermarkets

A ransomware attack on Blue Yonder, a leading supply chain management software provider, has created…

11 hours ago

Dell Wyse Management Suite Vulnerabilities Let Attackers Exploit Affected Systems Remotely

Dell Technologies has released a security update for its Wyse Management Suite (WMS) to address…

11 hours ago