Data theft is inevitable: even updates can't save Citrix from exploitation of the flaw

Carding 4 Carders

This is the case when hotfixes are not the only security measure.

Citrix warns about exploitation of a recently discovered critical vulnerability in NetScaler ADC and Gateway devices, which can lead to the disclosure of confidential information. The flaw, identified as CVE-2023-4966 (CVSS: 9.4), was discovered and fixed in October.

However, for successful exploitation, the device must be configured as a gateway (VPN, ICA proxy server, CVPN, RDP proxy server) or a virtual Authentication, Authorization and Accounting (AAA) server.

Although patches for the vulnerability were released on October 10, Citrix has now revised its recommendations, noting that exploits of CVE-2023-4966 were detected on unprotected devices.

Mandiant revealed that the zero-day vulnerability has been exploited since the end of August. According to the company's specialists, successful exploitation can lead to interception of active sessions, which will bypass multi-factor authentication (MFA) or other strict authentication requirements. However, sessions can persist even after an update.

Intercepting an authenticated session can then allow further access, depending on the permissions, which lets the cybercriminal collect additional credentials, move laterally, and gain access to other resources in the environment.

Mandiant also stated that it detected session hijacking, in which session data was stolen before the patch was installed and subsequently used by an unidentified attacker. The source of the threat behind the attacks has not been identified, but the campaign reportedly targeted professional services, technology, and government organizations.

In light of the active abuse of the vulnerability, it is critical that users quickly update their instances to the latest version to reduce potential threats. The Mandiant researchers recommended that organizations not only apply the fixes, but also stop all active sessions. Experts also reminded that users should correctly prioritize fixes, taking into account the active exploitation and the level of vulnerability danger.
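The two defensive points above (sessions established before the patch can survive the update, and a stolen session may be replayed from a different client) can be turned into a simple triage check. The following is an added example, not part of the original post and not Citrix or Mandiant code: it takes a list of session observations in a constructed record format (session id, user, client IP, time seen) and flags sessions that either pre-date the patch time or have been seen from more than one client IP, so an administrator can decide which sessions to terminate after patching. The record layout and the patch timestamp are assumptions for the example; a real deployment would feed it from the appliance's own session listing.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class SessionEvent:
    """One observation of an authenticated session (constructed format, not a NetScaler log format)."""
    session_id: str
    user: str
    client_ip: str
    seen_at: datetime


# Assumption for the example: the moment the CVE-2023-4966 fix was installed on the appliance.
PATCH_APPLIED_AT = datetime(2023, 10, 10, 12, 0, tzinfo=timezone.utc)


def find_sessions_to_terminate(events, patch_time=PATCH_APPLIED_AT):
    """Return {session_id: [reasons]} for sessions that should be killed after patching.

    A session is flagged if it was first seen before the patch was applied (it may have
    been captured while the appliance was still vulnerable) or if it has been observed
    from more than one client IP (consistent with a stolen session being replayed).
    """
    first_seen = {}
    client_ips = {}
    for ev in events:
        prev = first_seen.get(ev.session_id)
        first_seen[ev.session_id] = ev.seen_at if prev is None else min(prev, ev.seen_at)
        client_ips.setdefault(ev.session_id, set()).add(ev.client_ip)

    flagged = {}
    for sid, started in first_seen.items():
        reasons = []
        if started < patch_time:
            reasons.append("established before patch")
        if len(client_ips[sid]) > 1:
            reasons.append("seen from multiple client IPs")
        if reasons:
            flagged[sid] = reasons
    return flagged


# Constructed sample data: three sessions, two of which warrant termination.
SAMPLE_EVENTS = [
    # Session created while the appliance was still unpatched, then still alive afterwards.
    SessionEvent("sess-A", "alice", "203.0.113.10", datetime(2023, 10, 9, 8, 0, tzinfo=timezone.utc)),
    SessionEvent("sess-A", "alice", "203.0.113.10", datetime(2023, 10, 11, 9, 0, tzinfo=timezone.utc)),
    # Session created after the patch but later presented from a second client address.
    SessionEvent("sess-B", "bob", "198.51.100.7", datetime(2023, 10, 11, 10, 0, tzinfo=timezone.utc)),
    SessionEvent("sess-B", "bob", "192.0.2.44", datetime(2023, 10, 11, 10, 30, tzinfo=timezone.utc)),
    # Clean session: post-patch, single client address.
    SessionEvent("sess-C", "carol", "203.0.113.55", datetime(2023, 10, 12, 7, 0, tzinfo=timezone.utc)),
]


if __name__ == "__main__":
    for sid, reasons in sorted(find_sessions_to_terminate(SAMPLE_EVENTS).items()):
        print(f"{sid}: terminate ({'; '.join(reasons)})")
```

Running the block with the constructed data flags sess-A and sess-B and leaves sess-C alone. The pre-patch rule is deliberately blunt: after a fix for a session-disclosure bug, the safe default is to invalidate every session that existed before the fix, not just the ones that look suspicious, which is what the Mandiant recommendation above amounts to.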