Admins urged to fix Citrix NetScaler flaw ASAP

Citrix has urged system administrators to apply patches addressing a critical vulnerability that has been exploited in the wild.

Tracked as CVE-2023-4966, the flaw is a buffer overflow issue that could lead to remote code execution. Successful exploitation of the bug requires that the appliance be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. According to cybersecurity firm Mandiant, CVE-2023-4966 has been exploited as a zero-day vulnerability since late August of this year.

Citrix said that at the time of disclosure it was not aware of any exploitation attempts but now it has evidence that the flaw has been exploited for session hijacking.

“If you are using affected builds and have configured NetScaler ADC as a gateway (VPN virtual server, ICA proxy, CVPN, RDP proxy) or as an AAA virtual server, we strongly recommend that you immediately install the recommended builds because this vulnerability has been identified as critical,” the company advised, noting that there are no workarounds for the vulnerability.

Citrix has also recommended killing all active and persistent sessions using the following commands:

kill icaconnection -all

kill rdp connection -all

kill pcoipConnection -all

kill aaa session -all

clear lb persistentSessions

