CVE-2023-4966 vulnerability found in Citrix NetScaler

A proof-of-concept (PoC) exploit has been released for the Citrix Bleed vulnerability, tracked as CVE-2023-4966. This exploit allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances.
CVE-2023-4966 is a critical-severity, remotely exploitable information disclosure flaw that Citrix fixed on October 10 without providing many details. On October 17, Mandiant revealed that the flaw had been abused as a zero-day in limited attacks since late August 2023.
Attackers can exploit CVE-2023-4966 to gain unrestricted access to vulnerable NetScaler appliances. This could allow them to steal data, launch further attacks, or even take control of the appliances.
Citrix has urged customers to patch vulnerable NetScaler appliances immediately. Customers should also implement additional security measures, such as enabling two-factor authentication and monitoring their networks for suspicious activity.
This Monday, Citrix issued a subsequent warning to administrators of NetScaler ADC and Gateway appliances, urging them to patch the flaw immediately, as the rate of exploitation has started to pick up.
Today, researchers at Assetnote shared more details about the exploitation method of CVE-2023-4966 and published a PoC exploit on GitHub to demonstrate their findings and help those who want to test for exposure.