Citrix Bleed ACT NOW - Ensure Citrix ADC & Netscaler have mitigations applied OR are taken offline - 20231115001

Overview

The WASOC has been made aware of mass exploitation of Citrix NetScaler ADC and NetScaler Gateway services.

What is the vulnerability?

• CVE-2023-4966 and CVE-2023-4967 - CVSS v3 Base Score: 9.4
• CVE-2023-3519, CVE-2023-3466, CVE-2023-3467 - CVSS v3 Base Score: 9.8

What is vulnerable?

The vulnerability affects the following products:

NetScaler ADC and NetScaler Gateway

ACT NOW - Remedial actions required if Citrix Netscaler ADC or Gateway in use

Apply mitigations and kill all active and persistent sessions per vendor instructions OR discontinue use (i.e. ensure inaccessible from the internet or taken offline) of the product if mitigations are unavailable.

Additional References

• LockBit ransomware group assemble strike team to breach banks, law firms and governments (Kevin Beaumont)
• ACSC - Citrix Products NetScaler ADC and NetScaler Gateway Vulnerabilities
• NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967
• Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467
• Citrix Bleed: Leaking Session Tokens with CVE-2023-4966 - AssetNote