Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information.
Tracked as CVE-2023-4966 (CVSS score: 9.4), the vulnerability impacts the following supported versions:
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
- NetScaler ADC and NetScaler Gateway 12.1 (now end-of-life)
- NetScaler ADC 13.1-FIPS before 13.1-37.164
- NetScaler ADC 12.1-FIPS before 12.1-55.300, and
- NetScaler ADC 12.1-NDcPP before 12.1-55.300
However, for exploitation to occur, the appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an authorization and accounting (AAA) virtual server.
While patches for the flaw were released on October 10, 2023, Citrix has now revised the advisory to note that “exploits of CVE-2023-4966 on unmitigated appliances have been observed.”
Google-owned Mandiant, in its own alert published Tuesday, said it identified zero-day exploitation of the vulnerability in the wild beginning in late August 2023.
“Successful exploitation could result in the ability to hijack existing authenticated sessions, therefore bypassing multi-factor authentication or other strong authentication requirements,” the threat intelligence firm said.
“These sessions may persist after the update to mitigate CVE-2023-4966 has been deployed.”
Mandiant also said it detected session hijacking where session data was stolen before the patch deployment, and subsequently used by an unspecified threat actor.
“The authenticated session hijacking could then result in further downstream access based upon the permissions and scope of access that the identity or session was permitted,” it further added.
“A threat actor could use this method to harvest additional credentials, laterally pivot, and gain access to additional resources within an environment.”
The threat actor behind the attacks has not been determined, but the campaign is said to have targeted professional services, technology, and government organizations.
In light of active abuse of the flaw and with Citrix bugs becoming a lightning rod for threat actors, it's imperative that users move quickly to update their instances to the latest version to mitigate potential threats.
“Organizations need to do more than just apply the patch – they should also terminate all active sessions,” Mandiant CTO Charles Carmakal said. “While this is not a remote code execution vulnerability, please prioritize the deployment of this patch given the active exploitation and vulnerability criticality.”
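As an added example (not code from Citrix, Mandiant, or the original article), the sketch below triages an appliance inventory against the fixed builds and deployment roles listed above, and flags patched Gateway/AAA appliances whose sessions have not yet been terminated. The record fields, role labels, and status strings are assumptions, builds are assumed to be plain `major.minor` strings, and the sample inventory is constructed.

```python
from dataclasses import dataclass

# First fixed build per (branch, edition), taken from the affected-version list above.
FIXED = {
    ("14.1", "standard"): (8, 50),
    ("13.1", "standard"): (49, 15),
    ("13.0", "standard"): (92, 19),
    ("13.1", "FIPS"): (37, 164),
    ("12.1", "FIPS"): (55, 300),
    ("12.1", "NDcPP"): (55, 300),
}
EOL = {("12.1", "standard")}  # end-of-life: listed as affected, no fixed build given
EXPOSED_ROLES = {"vpn", "ica_proxy", "cvpn", "rdp_proxy", "aaa"}  # hypothetical labels

@dataclass
class Appliance:  # hypothetical inventory record
    name: str
    branch: str
    build: str
    edition: str = "standard"
    roles: tuple = ()
    sessions_terminated: bool = False  # all sessions killed after patching

def triage(a: Appliance) -> str:
    key = (a.branch, a.edition)
    if key in EOL:
        patched = False
    elif key in FIXED:
        # Compare builds numerically so "100.2" sorts above "92.19".
        patched = tuple(int(p) for p in a.build.split(".")) >= FIXED[key]
    else:
        return "unknown-branch"
    exposed = bool(EXPOSED_ROLES & set(a.roles))
    if not patched:
        return "vulnerable" if exposed else "unpatched-not-exposed"
    if exposed and not a.sessions_terminated:
        return "patched-terminate-sessions"  # hijacked sessions may outlive the update
    return "ok"

# Constructed sample inventory.
INVENTORY = [
    Appliance("gw-edge-1", "13.1", "48.47", roles=("vpn",)),
    Appliance("gw-edge-2", "14.1", "8.50", roles=("aaa",)),
    Appliance("gw-edge-3", "13.0", "92.19", roles=("ica_proxy",), sessions_terminated=True),
    Appliance("lb-int-1", "12.1", "65.25"),
]

def report():
    return {a.name: triage(a) for a in INVENTORY}
```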
Some parts of this article are sourced from:
thehackernews.com