What Happened?
CISA has re-added the infamous “Citrix Bleed” vulnerability (CVE-2023-4966) affecting Citrix NetScaler ADC and Gateway appliances to its Known Exploited Vulnerabilities (KEV) catalog. This indicates renewed active exploitation campaigns targeting unpatched or improperly remediated devices.
Business Impact
Citrix Bleed allows unauthenticated attackers to hijack existing user sessions and bypass MFA, gaining access to internal corporate networks and applications. Renewed exploitation puts organizations still running vulnerable versions at immediate risk of major breaches and ransomware attacks.
Why It Happened
Despite patches being available for some time, numerous organizations failed to properly update their Citrix appliances or fully terminate active sessions post-patching. Attackers continuously scan for and exploit these remaining vulnerable instances.
Recommended Executive Action
Mandate an immediate re-scan of the network perimeter for any vulnerable Citrix NetScaler ADC/Gateway instances. Ensure the correct patches are applied *and* that all active user sessions were terminated post-patching as per Citrix’s original guidance. Treat this as a critical finding.
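The executive action above has two checkable conditions per appliance: the running build must be at or above the fixed build for its branch, and the post-patch session-termination step must have been carried out. The following triage helper is an added example for this briefing, not code from Citrix or CISA. It parses NetScaler version strings in either the advisory style ("13.1-48.47") or the CLI style ("NS13.1: Build 51.2.nc"), compares them against a per-branch threshold table, and flags hosts that are unpatched, patched without session termination, or on a branch the table does not cover. The FIXED_BUILDS thresholds and the inventory rows are constructed placeholders; replace the thresholds with the build numbers from Citrix's advisory for CVE-2023-4966 before using it against a real inventory.

```python
"""Triage a NetScaler ADC/Gateway inventory for CVE-2023-4966 remediation status.

Added example for this briefing; not Citrix's or CISA's code.
"""
import csv
import io
import re
from typing import Dict, List, Optional, Tuple

# PLACEHOLDER thresholds, constructed for this example and NOT the real fixed
# builds: branch -> first build (major, minor) assumed to contain the fix.
# Replace every entry with the values from Citrix's advisory before use.
FIXED_BUILDS: Dict[str, Tuple[int, int]] = {
    "14.1": (10, 0),
    "13.1": (50, 0),
    "13.0": (93, 0),
}

# Matches "13.1-48.47" as well as "NS13.1: Build 51.2.nc".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\D+?(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[str, Tuple[int, int]]]:
    """Return (branch, (build_major, build_minor)), or None if unparseable."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    a, b, c, d = m.groups()
    return f"{a}.{b}", (int(c), int(d))


def classify(version: str, sessions_terminated: bool) -> str:
    """Decide the remediation status of one appliance.

    Both conditions from Citrix's guidance must hold for REMEDIATED: the build
    is at or above the fixed build, and active sessions were terminated after
    patching (otherwise previously stolen session tokens may still be valid).
    """
    parsed = parse_version(version)
    if parsed is None:
        return "REVIEW: unparseable version string"
    branch, build = parsed
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return "REVIEW: branch not in fixed-build table"
    if build < fixed:
        return "VULNERABLE: unpatched build"
    if not sessions_terminated:
        return "VULNERABLE: patched but active sessions not terminated"
    return "REMEDIATED"


def triage(inventory_csv: str) -> List[Tuple[str, str]]:
    """Run classify() over a CSV with columns host,version,sessions_terminated."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        killed = row["sessions_terminated"].strip().lower() in {"yes", "true", "1"}
        findings.append((row["host"], classify(row["version"], killed)))
    return findings


def unremediated_hosts(findings: List[Tuple[str, str]]) -> List[str]:
    """Every host that is not fully remediated is a critical finding."""
    return [host for host, status in findings if status != "REMEDIATED"]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,version,sessions_terminated
gw1.example.test,13.1-48.47,yes
gw2.example.test,NS13.1: Build 51.2.nc,no
gw3.example.test,14.1-12.3,yes
gw4.example.test,12.1-55.0,yes
"""

if __name__ == "__main__":
    results = triage(SAMPLE_INVENTORY)
    for host, status in results:
        print(f"{host:20} {status}")
    print("critical findings:", unremediated_hosts(results))
```

The check deliberately treats an unknown branch or an unparseable version as a finding rather than silently passing it, so an appliance missing from the threshold table still surfaces for manual review.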
Hashtags: #CISA #KEV #CitrixBleed #Vulnerability #Citrix #NetScaler #PatchNow #CyberSecurity #InfoSec
