Citrix urges 'immediate' patch for critical NetScaler bug as exploit PoC made public

Citrix has urged admins to "immediately" apply a fix for CVE-2023-4966, a critical information disclosure bug that affects NetScaler ADC and NetScaler Gateway, admitting it has been exploited.


Plus, there's a proof-of-concept exploit, dubbed Citrix Bleed, now on GitHub. So if you are running an affected build, at this point assume you've been compromised, apply the update, and then kill all active sessions per Citrix's advice from Monday, since patching alone does not invalidate session tokens that have already been lifted.


The company first issued a patch for the bug on October 10, and last week Mandiant warned that criminals, most likely cyberspies, have been abusing this hole to hijack authentication sessions and steal corporate info since at least late August.

Six days after the Google-owned threat intel firm sounded the alarm, Citrix weighed in. 

"If you are using affected builds and have configured NetScaler ADC as a gateway (VPN virtual server, ICA proxy, CVPN, RDP proxy) or as an AAA virtual server, we strongly recommend that you immediately install the recommended builds," the vendor said in a Cloud Software Group blog post about CVE-2023-4966 published on Monday.


"We now have reports of incidents consistent with session hijacking, and have received credible reports of targeted attacks exploiting this vulnerability," Citrix added.
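The two steps the article relays from Citrix's post, checking that the appliance is on a fixed build and then killing existing sessions so that tokens already stolen stop working, as an added shell example. This is not code from The Register or from Citrix; the fixed build numbers and the five kill commands are the ones in Citrix's advisory and Monday's blog post, while the `show ns version` line format, the SSH user, the hostname and the sample version line are assumptions or constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from The Register or Citrix: a post-upgrade build check
# and session flush for CVE-2023-4966 on NetScaler ADC / NetScaler Gateway.
# Assumptions: the "show ns version" line format shown below, SSH access as
# nsroot (or another CLI user), and that the NetScaler CLI reads commands from
# stdin. The hostname and the sample line are constructed placeholders.

# Minimum fixed build per release train, as listed in Citrix advisory CTX579459.
# The FIPS and NDcPP trains have their own fixed builds (13.1-37.164, 12.1-55.300);
# a 13.1-FIPS box compared here against 49.15 is reported as unpatched, which
# errs on the safe side but must be rechecked against the advisory.
fixed_build_for() {
    case "$1" in
        14.1) echo "8.50" ;;
        13.1) echo "49.15" ;;
        13.0) echo "92.19" ;;
        *)    echo "" ;;
    esac
}

# netscaler_is_patched "<show ns version output line>"
# Returns 0 if the build is at or above the fixed build, 1 if it is vulnerable,
# 2 if the release train cannot be parsed or is not in the table.
netscaler_is_patched() {
    _pat='.*NS\([0-9][0-9]*\.[0-9][0-9]*\): *Build \([0-9][0-9]*\.[0-9][0-9]*\).*'
    train=$(printf '%s\n' "$1" | sed -n "s/$_pat/\\1/p")
    build=$(printf '%s\n' "$1" | sed -n "s/$_pat/\\2/p")
    [ -n "$train" ] && [ -n "$build" ] || return 2
    need=$(fixed_build_for "$train")
    [ -n "$need" ] || return 2
    # Compare "major.minor" build numbers numerically, not as strings,
    # so that 49.15 >= 49.9 and 92.19 > 92.7 come out right.
    awk -v have="$build" -v need="$need" 'BEGIN {
        split(have, h, "."); split(need, n, ".")
        if (h[1] + 0 > n[1] + 0 || (h[1] + 0 == n[1] + 0 && h[2] + 0 >= n[2] + 0)) exit 0
        exit 1
    }'
}

# The commands Citrix's Monday blog post told admins to run after upgrading, so
# that sessions an attacker has already hijacked are invalidated rather than
# surviving the patch.
netscaler_session_kill_cmds() {
    cat <<'EOF'
kill icaconnection -all
kill rdp connection -all
kill pcoipConnection -all
kill aaa session -all
clear lb persistentSessions
EOF
}

# netscaler_flush_sessions <host> [user]
# Sends the kill commands to the appliance over SSH. With DRY_RUN=1 it only
# prints them, which is what the stand-alone run at the bottom does.
netscaler_flush_sessions() {
    _host="$1"; _user="${2:-nsroot}"
    if [ "${DRY_RUN:-0}" = "1" ]; then
        netscaler_session_kill_cmds
        return 0
    fi
    # Assumption: the NetScaler CLI accepts commands on stdin over ssh.
    netscaler_session_kill_cmds | ssh "$_user@$_host"
}

# Stand-alone demo on a constructed version line (not real appliance output).
SAMPLE_VERSION_LINE='NetScaler NS13.1: Build 49.15.nc, Date: Oct 9 2023, 18:29:41   (64-bit)'
if netscaler_is_patched "$SAMPLE_VERSION_LINE"; then
    echo "fixed build detected; flushing sessions (dry run):"
    DRY_RUN=1
    netscaler_flush_sessions netscaler.example.invalid
else
    echo "vulnerable or unknown build: upgrade first, then flush sessions"
fi
```

Run `show ns version` on the appliance, feed the output line to `netscaler_is_patched`, and only once it reports a fixed build flush sessions with `DRY_RUN` unset; flushing before upgrading buys nothing, since an unpatched appliance can simply be hijacked again.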

Oddly, Citrix didn't release any additional details about these