Tech companies, professional services organizations, and government entities have been subjected to attacks exploiting a critical information disclosure vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway instances, tracked as CVE-2023-4966, since late August, or about two months prior to the release of a fix, reports The Register.
Intrusions leveraging the flaw have been aimed at hijacking authenticated sessions and exfiltrating data, a Mandiant report revealed. Mandiant Consulting Chief Technology Officer Charles Carmakal has urged organizations with vulnerable NetScaler appliances not only to apply the fix but also to terminate all active sessions, since patching alone does not invalidate sessions that were already established.
"These authenticated sessions will persist after the update to mitigate CVE-2023-4966 has been deployed. Therefore, even after the patch is applied, a threat actor could use stolen session data to authenticate to resources until the sessions are terminated," said Carmakal, who noted that more organizations are expected to report exploitation as part of the attacks, which are likely conducted by a cyberespionage operation.
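The point Carmakal makes, that a patch closes the leak but leaves every already-issued session usable, is easy to get wrong in remediation. The following is an added illustration, not code from the article or from Citrix: a hypothetical gateway session table with a revocation cutoff. The timeline (login, token copied out through the leak, fix deployed, attacker replay, revocation, fresh login) uses constructed timestamps, and the idle timeout is an assumed value. It goes one step beyond "terminate all sessions" by revoking everything issued before the patch time, which is the set that could have been leaked, while leaving post-patch sessions intact.

```python
"""Why patching alone does not end a session-hijacking risk.

Hypothetical gateway session table, added for illustration only; it is
not NetScaler code and does not reflect how NetScaler stores sessions.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Session:
    user: str
    issued_at: int   # seconds since an arbitrary epoch (constructed timestamps)
    last_seen: int


class Gateway:
    IDLE_TIMEOUT = 30 * 60  # assumed idle timeout, in seconds

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}
        # Sessions issued before this time are treated as possibly stolen.
        self._revoke_before: Optional[int] = None

    def login(self, user: str, now: int) -> str:
        token = secrets.token_hex(16)
        self._sessions[token] = Session(user, now, now)
        return token

    def validate(self, token: str, now: int) -> Optional[str]:
        """Return the user bound to `token`, or None if the session is unusable."""
        s = self._sessions.get(token)
        if s is None:
            return None
        if now - s.last_seen > self.IDLE_TIMEOUT:
            del self._sessions[token]
            return None
        if self._revoke_before is not None and s.issued_at < self._revoke_before:
            del self._sessions[token]   # a leaked copy is useless from here on
            return None
        s.last_seen = now
        return s.user

    def revoke_issued_before(self, cutoff: int) -> int:
        """Invalidate every session that predates `cutoff` (e.g. the patch time).

        The cutoff is also kept so that any session record that re-enters the
        table later (restored state, replicated peer) is rejected on use.
        """
        self._revoke_before = cutoff
        stale = [t for t, s in self._sessions.items() if s.issued_at < cutoff]
        for t in stale:
            del self._sessions[t]
        return len(stale)

    def active_sessions(self) -> int:
        return len(self._sessions)


def simulate() -> Dict[str, bool]:
    """Walk the timeline the article describes, with constructed timestamps."""
    gw = Gateway()
    victim_token = gw.login("alice", now=0)
    stolen_copy = victim_token          # t=100: token read out via the leak

    # t=200: the fix is deployed. Nothing here touches the session table,
    # which is exactly the point Carmakal makes.
    patch_time = 200
    attacker_still_in = gw.validate(stolen_copy, now=300) == "alice"

    # Remediation: terminate every session that predates the patch.
    revoked = gw.revoke_issued_before(patch_time)
    attacker_after_revoke = gw.validate(stolen_copy, now=400) == "alice"

    # Sessions established after the patch are unaffected by the cutoff.
    fresh = gw.login("alice", now=500)
    fresh_ok = gw.validate(fresh, now=600) == "alice"

    return {
        "stolen_token_valid_after_patch": attacker_still_in,
        "stolen_token_valid_after_revoke": attacker_after_revoke,
        "one_session_revoked": revoked == 1,
        "post_patch_login_ok": fresh_ok,
    }
```

On a real NetScaler appliance the equivalent step is the set of session-kill commands in Citrix's bulletin for this CVE (CTX579459), run from the NetScaler CLI after the upgrade: `kill icaconnection -all`, `kill rdp connection -all`, `kill pcoipConnection -all`, `kill aaa session -all` and `clear lb persistentSessions`, with `show aaa session` to confirm nothing remains. Those commands are not reproduced in the article; they are cited here from the vendor bulletin.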