Carding 4 Carders
Professional
- Messages
- 2,730
- Reaction score
- 1,467
- Points
- 113
NetScaler ADC and Gateway are at risk due to the critical breach CVE-2023-4966.
Citrix calling on administrators to immediately ensure the security of all NetScaler ADC and Gateway devices due to attacks exploiting the critical vulnerability CVE-2023-4966.
Two weeks ago, Citrix already released a fix for this vulnerability related to the disclosure of confidential information. CVE-2023-4966 received a severity rating of 9.4/10 on the CVSS scale, as this security flaw can be exploited remotely without authentication and user interaction.
To become vulnerable to attacks, NetScaler devices must be configured in Gateway mode or as an AAA virtual server.
Although Citrix did not reveal any evidence of active exploitation of the vulnerability at the time of the patch's release, a week later they were discovered by Mandiant researchers, according to which attackers exploited CVE-2023-4966 starting at the end of August 2023 to steal authentication sessions and hijack accounts.
Mandiant also stressed that even after installing the patch, compromised sessions are saved. Depending on the account permissions, attackers can move around the network or hijack other accounts. There were also cases of exploiting vulnerabilities to penetrate the infrastructure of government agencies and technology corporations.
Citrix warned in its latest notification: "We have reports of incidents related to session hijacking, and we have received reliable reports of targeted attacks exploiting this vulnerability."
The company urged administrators to immediately install recommended builds for devices vulnerable to attacks, and also provided commands to terminate all active and persistent sessions:
Last Thursday, CISA added CVE-2023-4966 to its catalog of known exploitable vulnerabilities, requiring federal agencies to ensure that their systems are protected from active exploitation by November 8.
Citrix calling on administrators to immediately ensure the security of all NetScaler ADC and Gateway devices due to attacks exploiting the critical vulnerability CVE-2023-4966.
Two weeks ago, Citrix already released a fix for this vulnerability related to the disclosure of confidential information. CVE-2023-4966 received a severity rating of 9.4/10 on the CVSS scale, as this security flaw can be exploited remotely without authentication and user interaction.
To become vulnerable to attacks, NetScaler devices must be configured in Gateway mode or as an AAA virtual server.
Although Citrix did not reveal any evidence of active exploitation of the vulnerability at the time of the patch's release, a week later they were discovered by Mandiant researchers, according to which attackers exploited CVE-2023-4966 starting at the end of August 2023 to steal authentication sessions and hijack accounts.
Mandiant also stressed that even after installing the patch, compromised sessions are saved. Depending on the account permissions, attackers can move around the network or hijack other accounts. There were also cases of exploiting vulnerabilities to penetrate the infrastructure of government agencies and technology corporations.
Citrix warned in its latest notification: "We have reports of incidents related to session hijacking, and we have received reliable reports of targeted attacks exploiting this vulnerability."
The company urged administrators to immediately install recommended builds for devices vulnerable to attacks, and also provided commands to terminate all active and persistent sessions:
Code:
kill icaconnection -all
kill rdp connection -all
kill pcoipConnection -all
kill aaa session -all
clear lb persistentSessionsLast Thursday, CISA added CVE-2023-4966 to its catalog of known exploitable vulnerabilities, requiring federal agencies to ensure that their systems are protected from active exploitation by November 8.
