The company warned of session hijacking and targeted attacks against a critical vulnerability.
Citrix pushed customers to upgrade to the latest versions of NetScaler ADC and NetScaler Gateway after learning about incidents consistent with session hijacking and credible reports of targeted attacks against a critical vulnerability.
Citrix released patches to address the vulnerability, CVE-2023-4966, on 10 October and warned that exploitation of the flaw could lead to data disclosure. Citrix said it was unaware of any exploits at the time.Â
The vulnerability is considered most critical when customers use affected builds in conjunction with NetScaler ADC configured as a gateway or an AAA virtual server. Managed cloud and Adaptive Authentication customers can take action without additional action, Citrix said.
The disclosure follows a report by Mandiant last week warning that threat actors could bypass the patch in cases of previous exploitation. Mandiant urged organizations to terminate all sessions. Mandiant warned that authenticated sessions could persist after the patch is applied.Â
Last week, the Cybersecurity and Infrastructure Security Agency added Netscaler ADC and NetScaler Gateway to its Known Exploited Vulnerabilities catalog.
Hackers previously launched attacks against NetScaler ADC and NetScaler Gateway in July. Mandiant, at the time, said it was investigating cases where attacks were successful in patched systems.
