Citrix Bleed Vulnerability: Background and Recommendations

Key Points


  • Citrix Bleed (CVE-2023-4966) is a critical vulnerability affecting multiple versions of Citrix NetScaler Gateway and ADC products that could enable attackers to retrieve sensitive information and hijack user sessions.

  • Citrix Bleed has been exploited as a zero-day vulnerability since summer 2023, and at least four threat groups are leveraging it, with one group automating the attack process. ReliaQuest has observed Citrix Bleed exploitation in multiple customer environments.

  • Urgent remedial action, including installing updated versions of NetScaler Gateway and ADC and killing active sessions, is strongly recommended by CISA and Citrix’s owner Cloud Software Group.


Citrix Bleed: What’s Happening


    Citrix Bleed (CVE-2023-4966) is a critical vulnerability affecting Citrix NetScaler Gateway and NetScaler ADC products, which are network devices used for load balancing, firewall implementation, traffic management, virtual private network (VPN), and user authentication. By exploiting this flaw, attackers may be able to retrieve sensitive information (including session authentication cookies) from vulnerable appliances and subsequently hijack a user’s session.


    The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerability:


  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15

  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19

  • NetScaler ADC 13.1-FIPS before 13.1-37.164

  • NetScaler ADC 12.1-FIPS before 12.1-55.300

  • NetScaler ADC 12.1-NDcPP before 12.1-55.300

    NetScaler ADC and NetScaler Gateway version 12.1 is now End-of-Life (EOL) and is also vulnerable. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication products are not impacted.
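    To triage an appliance inventory against the list above, the following is an added example (not ReliaQuest's or Citrix's code). It assumes versions are recorded in the page's own `release-build` notation alongside an edition label; the host names, inventory rows and function names are constructed for illustration.

```python
FIXED = {  # first fixed build per branch, copied from the list above
    ("14.1", "standard"): (8, 50),
    ("13.1", "standard"): (49, 15),
    ("13.0", "standard"): (92, 19),
    ("13.1", "FIPS"): (37, 164),
    ("12.1", "FIPS"): (55, 300),
    ("12.1", "NDcPP"): (55, 300),
}
EOL = {("12.1", "standard")}  # End-of-Life and also vulnerable per the page


def parse(version):
    """Split '13.1-49.15' into release '13.1' and build tuple (49, 15)."""
    release, sep, build = version.strip().partition("-")
    parts = build.split(".")
    if not sep or len(parts) != 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return release, (int(parts[0]), int(parts[1]))


def assess(version, edition="standard"):
    """Return 'eol-vulnerable', 'vulnerable', 'fixed' or 'unknown'."""
    try:
        release, build = parse(version)
    except ValueError:
        return "unknown"
    if (release, edition) in EOL:
        return "eol-vulnerable"
    fixed = FIXED.get((release, edition))
    if fixed is None:
        return "unknown"  # branch not on the page's list: review by hand
    # Compare as integers: build 92.9 is older than 92.19, unlike a float compare
    return "vulnerable" if build < fixed else "fixed"


def triage(inventory):
    """Map each (host, version, edition) row to its status."""
    return {host: assess(version, edition) for host, version, edition in inventory}


# Constructed inventory rows, not taken from any real environment
SAMPLE = [
    ("gw-01", "13.1-48.47", "standard"),
    ("gw-02", "13.0-92.9", "standard"),
    ("adc-fips", "13.1-37.164", "FIPS"),
    ("gw-old", "12.1-65.25", "standard"),
]
if __name__ == "__main__":
    print(triage(SAMPLE))
```

    A "fixed" result covers the build only; the recommended remediation above also includes killing active sessions after the update.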


    Citrix released a patch for this flaw on October 10, 2023, but attackers have been abusing it as a zero-day vulnerability since late August 2023.


    On October 25, 2023, researchers released a proof-of-concept (PoC) exploit for Citrix Bleed and noted that the vulnerabil ..