SUBJECT: CVE-2023-4966 Citrix NetScaler ADC and Gateway Vulnerability (Citrix Bleed)
TECH STACK: Citrix NetScaler ADC and NetScaler Gateway Appliances
DATE(S) ISSUED: First issued on Oct. 10, 2023, with subsequent updates
CRITICALITY: HIGH
OVERVIEW:
CVE-2023-4966, known as Citrix Bleed, is a critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway. It involves a buffer overflow vulnerability that can lead to sensitive information disclosure when configured as a Gateway or AAA virtual server. This vulnerability has been actively exploited, allowing cyber actors to potentially take control of affected systems.
NIST Description:
The vulnerability allows a cyber actor to bypass Multi-Factor Authentication (MFA) and hijack legitimate user sessions, posing a significant security risk. Threat actors, including LockBit 3.0 ransomware affiliates, have been observed exploiting this vulnerability.
THREAT INTELLIGENCE:
As of October 18, 2023, CISA has added CVE-2023-4966 to its Known Exploited Vulnerabilities Catalog, citing active, targeted exploitation of the vulnerability. This vulnerability is a critical concern for organizations using Citrix NetScaler ADC and NetScaler Gateway appliances.
SOLUTION:
To mitigate this vulnerability, Citrix has released several security updates. Organizations are urged to update their appliances to the following versions:
For additional support please reach out to us at support@cyrisk.com
REFERENCES: