Threat actors have been exploiting the critical CVE-2023-4966 vulnerability in Citrix NetScaler ADC/Gateway devices since late August. Citrix issued a security bulletin on October 10, urging customers to update their NetScaler ADC and NetScaler Gateway devices to mitigate this flaw.
Researchers from Mandiant have observed the exploitation of this vulnerability as a zero-day, allowing attackers to hijack authenticated sessions and bypass multifactor authentication, potentially leading to unauthorized access to sensitive resources. The attacks primarily targeted professional services, technology, and government organizations, posing a significant threat to these sectors.
Citrix has strongly recommended that users install the relevant updated versions of NetScaler ADC and NetScaler Gateway to address the CVE-2023-4966 vulnerability.
While Citrix has taken steps to mitigate this threat, there’s a concern that hijacked sessions may persist even after applying the update, as attackers have been observed stealing session data prior to patch deployment. This could result in unauthorized access to additional resources within the affected environment, making it crucial for organizations to address this vulnerability promptly.
In addition to CVE-2023-4966, Citrix has previously warned customers of another flaw, CVE-2023-3519, actively exploited in NetScaler Application Delivery Controller (ADC) and Gateway devices. Researchers have reported a large-scale credential harvesting campaign exploiting this vulnerability, emphasizing the importance of robust security measures and patch management to protect against such threats.