Citrix NetScaler flaw subjected to active exploitation
Target Industry
Organisations within the government, professional services, and technology industry sectors.
Overview
Intelligence indicates that a critical vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway, for which Citrix published fixed builds on 10th October 2023, had already been exploited as a zero-day since August 2023. The vulnerability, tracked as CVE-2023-4966 (CVSSv3.1 score: 9.4), is a sensitive information disclosure that requires no authentication: a remote attacker can read data from the memory of an on-premises appliance that is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN or RDP Proxy) or as an AAA virtual server, and the data returned can include valid session tokens.
On 19th October 2023, the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2023-4966 to its Known Exploited Vulnerabilities Catalog.
Impact
Successful exploitation of CVE-2023-4966 would almost certainly allow a threat actor to obtain valid session tokens and use them to hijack existing authenticated sessions, thereby bypassing authentication controls, including multi-factor authentication, without possessing any credentials.
Vulnerability Detection
Citrix has released fixed builds for each supported branch, and every earlier build on those branches remains vulnerable. To determine exposure, run `show ns version` on the NetScaler CLI and compare the running build against the first fixed build for its branch: 14.1-8.50, 13.1-49.15, 13.0-92.19, NetScaler ADC 13.1-FIPS 13.1-37.164, 12.1-FIPS 12.1-55.300 and 12.1-NDcPP 12.1-55.300. NetScaler ADC and Gateway 12.1 is end-of-life and receives no fix, so every 12.1 mainline build should be treated as vulnerable. According to Citrix's bulletin an appliance is only exposed when it is configured as a Gateway or as an AAA virtual server; appliances in neither role are not affected by this vulnerability, but their build should still be brought up to date.
Affected Products
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 14.1, 13.1 and 13.0 on builds earlier than the October 2023 fixes; NetScaler ADC 13.1-FIPS, 12.1-FIPS and 12.1-NDcPP on builds earlier than the October 2023 fixes; and the end-of-life NetScaler ADC and Gateway 12.1 branch, for which no fix is available.
Containment, Mitigations & Remediations
It is strongly recommended that users of the affected products upgrade to the fixed builds released by Citrix as soon as possible. Upgrading alone is not sufficient: the patch stops further leakage but does not invalidate session tokens that were stolen before it was applied. Citrix therefore also advised that, immediately after upgrading, administrators terminate all active and persistent sessions on the appliance (ICA, RDP, PCoIP and AAA sessions, and load-balancer persistence entries) so that any hijacked session is forced to re-authenticate. Organisations running the end-of-life 12.1 branch should migrate to a supported branch rather than wait for a fix that will not arrive.
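The version check from the Vulnerability Detection section and the post-upgrade session clean-up from this section, combined into one triage script. This is an added example, not code from the original advisory or from Citrix. The fixed-build table reproduces the first fixed builds from Citrix's CVE-2023-4966 bulletin and the clean-up commands reproduce Citrix's post-upgrade guidance; the `show ns version` lines in the usage example are constructed in the format the NetScaler CLI prints, not captured from a real appliance. The FIPS/NDcPP variant is passed in by the operator rather than parsed, because the build number alone does not identify it.

```python
"""Triage a NetScaler appliance for CVE-2023-4966 from its `show ns version` line.

Added example; not code from the original advisory or from Citrix.
FIXED_BUILDS reproduces the first fixed builds from Citrix's CVE-2023-4966
bulletin. The sample version lines under __main__ are constructed in the
format the NetScaler CLI prints; they are not real appliance output.
"""
import re

# (branch, variant) -> first fixed build as (major, minor). None = no fix published.
FIXED_BUILDS = {
    ("14.1", ""): (8, 50),
    ("13.1", ""): (49, 15),
    ("13.0", ""): (92, 19),
    ("13.1", "FIPS"): (37, 164),
    ("12.1", "FIPS"): (55, 300),
    ("12.1", "NDcPP"): (55, 300),
    ("12.1", ""): None,  # end-of-life: every 12.1 mainline build is vulnerable
}

# Patching does not invalidate session tokens that were already leaked, so
# Citrix's post-upgrade guidance is to terminate every existing session.
POST_UPGRADE_COMMANDS = [
    "kill icaconnection -all",
    "kill rdp connection -all",
    "kill pcoipConnection -all",
    "kill aaa session -all",
    "clear lb persistentSessions",
]

# Matches e.g. "NetScaler NS13.1: Build 49.13.nc, Date: Aug 8 2023, 18:52:12   (64-bit)"
VERSION_RE = re.compile(
    r"NetScaler NS(?P<branch>\d+\.\d+): Build (?P<major>\d+)\.(?P<minor>\d+)"
)


def parse_ns_version(line):
    """Return (branch, (major, minor)) from one `show ns version` line."""
    m = VERSION_RE.search(line)
    if not m:
        raise ValueError(f"unrecognised NetScaler version line: {line!r}")
    return m["branch"], (int(m["major"]), int(m["minor"]))


def is_vulnerable(branch, build, variant=""):
    """True if `build` on `branch` predates the CVE-2023-4966 fix.

    `variant` is "" (mainline), "FIPS" or "NDcPP" and must be supplied by the
    operator: the 13.1 FIPS train uses 37.x build numbers, which the mainline
    13.1 train also passed through, so the number alone is ambiguous.
    """
    key = (branch, variant)
    if key not in FIXED_BUILDS:
        raise ValueError(
            f"no CVE-2023-4966 fix data for NetScaler {branch} {variant or 'mainline'}"
        )
    fixed = FIXED_BUILDS[key]
    if fixed is None:
        return True  # EOL branch: nothing to compare against, always exposed
    return tuple(build) < fixed  # tuple comparison orders (major, minor) correctly


def triage(version_line, variant=""):
    """Parse one version line and return the status plus the actions to take."""
    branch, build = parse_ns_version(version_line)
    vulnerable = is_vulnerable(branch, build, variant)
    fixed = FIXED_BUILDS[(branch, variant)]
    actions = []
    if vulnerable:
        if fixed is None:
            actions.append(f"NetScaler {branch} is end-of-life: migrate to a supported branch")
        else:
            actions.append(f"upgrade to {branch}-{fixed[0]}.{fixed[1]} or later")
        actions.extend(POST_UPGRADE_COMMANDS)  # run these only after the upgrade
    return {
        "branch": branch,
        "build": build,
        "variant": variant or "mainline",
        "vulnerable": vulnerable,
        "fixed_build": fixed,
        "actions": actions,
    }


if __name__ == "__main__":
    # Constructed sample lines in `show ns version` format (not real appliance output).
    samples = [
        ("NetScaler NS13.1: Build 49.13.nc, Date: Aug 8 2023, 18:52:12   (64-bit)", ""),
        ("NetScaler NS13.1: Build 49.15.nc, Date: Oct 3 2023, 01:43:53   (64-bit)", ""),
        ("NetScaler NS12.1: Build 65.39.nc, Date: Jul 12 2023, 10:04:55   (64-bit)", ""),
        ("NetScaler NS13.1: Build 37.150.nc, Date: Jun 1 2023, 12:00:00   (64-bit)", "FIPS"),
    ]
    for line, variant in samples:
        report = triage(line, variant)
        status = "VULNERABLE" if report["vulnerable"] else "patched"
        print(f"{report['branch']} build {report['build']} ({report['variant']}): {status}")
        for action in report["actions"]:
            print("    ", action)
```

The comparison deliberately works on the (major, minor) pair as a tuple rather than on the string, so that a build such as 13.1-49.13 is correctly ranked below 13.1-49.15 and 14.1-8.50 is not mistaken for something newer than 14.1-12.x. If the running line does not match the expected format the parser raises rather than silently reporting the appliance as patched.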
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Threat Landscape
NetScaler ADC and NetScaler Gateway appliances sit at the network edge of a large number of organisations across the industry sector spectrum, fronting virtual application and desktop environments and acting as the authentication point for remote access. Within this context, it has been assessed that cyber threat actors will almost certainly view organisations whose remote-access and application-delivery infrastructure depends on these products as prime targets, since a single compromised appliance yields authenticated access into the internal network.
Intelligence indicates that previously patched vulnerabilities in Citrix products have continued to be exploited long after fixes became available, because exposed appliances are frequently left unpatched. It is therefore of critical importance to apply the recommended remediation and mitigation steps promptly to reduce the risk of exploitation.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
Mitre Methodologies
Common Weakness Enumeration (CWE):
CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer
Further Information