November 2, 2023

Citrix Bleed (CVE-2023-4966) - Quick update on a serious vulnerability - WST

Citrix NetScaler ADC and NetScaler Gateway products have been in the news recently because of a critical information disclosure vulnerability; Citrix disclosed the issue and released a patch for the flaw on October 10. Note that even if your team patched and rebooted these systems, bad actors may already have absconded with session tokens before patching, and those tokens remain valid even after updates are applied. If additional steps weren’t performed to kill existing sessions, these tokens can be used to access your network, again on a fully patched system, and ransomware groups are actively exploiting this. For more details, see the “Recommended next steps” at https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/.

Authored by: David Matt, CISSP, CEH
