Citrix advises users to update right now following the discovery of a major bug

A serious defect was discovered that affected a few Citrix products.

The massive cloud computing company Citrix has verified past rumours that some of its products had a serious flaw that may be exploited in the wild.

In order to ensure that users are protected from hackers, it released a patch for the vulnerability and advised users to apply it right away.

The aforementioned vulnerability is identified as CVE-2023-4966. It impacts NetScaler ADC and NetScaler Gateway and has a severity score of 9.4.

Indications of abuse

The vulnerability was flagged by Mandiant and CISA prior to Citrix’s response. According to Mandiant, since August, hackers have most likely been exploiting it to take over authentication sessions and steal company information. In contrast, CISA stated that although the vulnerability was “unknown,” it was “used in ransomware campaigns.”

Meanwhile, Citrix Bleed, a proof-of-concept, was uploaded to GitHub, according to The Register. Citing Citrix’s recommendations from Monday, the publication stated: “if you are using an affected build, at this point assume you have been compromised, apply the update, and then kill all active sessions.”

Citrix issued a pretty dire warning about real-world abuse along with the patch, saying, “We now have reports of incidents consistent with session hijacking, and have received credible reports of targeted attacks exploiting this vulnerability.”

Other details, such as who is attacking whom, what they are pursuing, whether or not they are using malware, or even the number of victims, were not disclosed by the company. “The security bulletin and blog are the extent of our external statements at this time,” a representative from Citrix told The Register. This implies that disclosing additional information could encourage other hackers to find and exploit the vulnerability on their own. Given that Citrix Bleed has already been released, it’s a little late for that.

According to Mandiant, professional services firms, government agencies, and IT enterprises make up the majority of the victims. Charles Carmakal, the company’s CTO, stated that although the current attacks centre around data theft, it’s just a matter of time until they begin to centre around money.
