National Cyber Warfare Foundation (NCWF) Forums


CitrixBleed Vulnerability Widely Exploited, Primarily by a Ransomware Gang
0 user ratings		2023-11-01 12:53:07
milo
Red Team (CNA)
 - archive -- 

At the end of October, AssetNote released a proof-of-concept for the CVE-2023–4966 associated with sensitive information disclosure for Citrix Netscaler ADC devices and was given a severity rating of 9.4 (Critical). After the release of PoC, there seems to be a mass exploitation of this vulnerability by threat actors. However, the technical details of this […]


The post CitrixBleed Vulnerability Widely Exploited, Primarily by a Ransomware Gang appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



At the end of October, AssetNote released a proof-of-concept for the CVE-2023–4966 associated with sensitive information disclosure for Citrix Netscaler ADC devices and was given a severity rating of 9.4 (Critical).





After the release of PoC, there seems to be a mass exploitation of this vulnerability by threat actors. However, the technical details of this vulnerability were already obtained by threat actors and are currently being exploited in the wild.





CVE-2023-4966: Sensitive Data Exposure in Citrix Netscaler ADC 





Threat actors can exploit this vulnerability to gain memory access to the affected devices. This memory also holds the session tokens, which allow the login bypass and all multi-factor authentications.





Moreover, once threat actors gain complete authentication over the device, they can perform various malicious actions.





Source: Double Pulsar
Source: Double Pulsar




Additional reports indicate that this vulnerability is being exploited by random people who are just owning anything to extract the session tokens. This report was extracted from GreyNoise Honeypots.





This security flaw is currently being exploited at a large scale, as per Kevin Beaumont’s observation. Previously, it was only utilized for targeted exploitation to gain access to a network and had not spread widely.











CVE IDAffected ProductsFixed in Version
CVE-2023-4966NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50NetScaler ADC and NetScaler Gateway 14.1-8.50 and later releases
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15NetScaler ADC and NetScaler Gateway 13.1-49.15 and later releases of 13.1
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0
NetScaler ADC 13.1-FIPS before 13.1-37.164NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS
NetScaler ADC 12.1-FIPS before 12.1-55.300NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS
NetScaler ADC 12.1-NDcPP before 12.1-55.300NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP




It is recommended for organizations to upgrade to the latest versions of Citrix Netscaler ADC to prevent this vulnerability from getting exploited.





Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.


The post CitrixBleed Vulnerability Widely Exploited, Primarily by a Ransomware Gang appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



Source: gbHackers
Source Link: https://gbhackers.com/citrixbleed-vulnerability-widely-exploited/

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Red Team (CNA)


Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.