The exploitation of the Citrix Bleed vulnerability in unpatched NetScaler devices has sparked a renewed call for urgent action from the manufacturer. With nation-state and cybercrime groups actively targeting this flaw, NetScaler has reiterated the necessity for immediate patching and additional security measures to mitigate potential risks. The vulnerability, officially known as CVE-2023-4966, affects both NetScaler ADC and Gateway devices and has been exploited to gain remote access and steal session tokens, posing a severe threat even after patching.
NetScaler’s urgent warning comes in the wake of reports highlighting exploitation by multiple groups, including the LockBit ransomware syndicate. The vulnerability not only allows unauthorized access but also facilitates the theft of session tokens, enabling attackers to access devices post-patch.
Security experts emphasize the severity of the situation, indicating that nearly all NetScaler ADC and Gateway devices were potentially compromised prior to the patch release, underscoring the critical need for immediate action and comprehensive security review across impacted organizations.
Amid growing concerns, industry authorities like the Financial Services Information Sharing and Analysis Center (FS-ISAC) have issued alerts cautioning that the vulnerability permits attackers to bypass multifactor authentication controls, gaining complete access to affected devices.
With the potential for post-intrusion activities such as network reconnaissance, credential theft, and ransomware deployment, the urgency to patch, terminate active sessions, and thoroughly investigate potential compromises remains paramount to prevent further exploitation and safeguard organizational assets.
