In recent days, the vulnerability known as Citrix Bleed has been causing great concern; so far it has already involved more than 20,000 devices.
We are talking about a flaw that has a very high severity score (9.4 on a scale of 10) and has been exploited en masse by ransomware groups. Although the patch to correct the vulnerability has been available for three weeks, many Citrix customers have not been prompt with updates and, day by day, the number of victims tends to rise.
Citrix Bleed is, as already mentioned, a notably critical issue. The reason for this concern is that, through this security flaw, cybercriminals can steal session tokens and various credentials, allowing them to bypass multi-factor authentication systems.
The vulnerability, tracked as CVE-2023-4966 and present in Citrix's NetScaler Application Delivery Controller and NetScaler Gateway, has been actively exploited since August, with a patch released on October 10th.
Citrix Bleed: the corrective patch is ready, but too many users have not yet adopted it
Attacks exploiting Citrix Bleed appear to have intensified only recently, prompting security researcher Kevin Beaumont to declare: “This vulnerability is now being mass exploited”. The same expert then spoke of multiple organizations that are taking advantage of the situation in a systematic way.
Beaumont said that, as of Saturday, he had identified as many as 20,000 cases of exploited Citrix devices where session tokens had been stolen.
In the meantime, GreyNoise, a security company that also uses honeypots, has in recent days identified attacks coming from 135 IP addresses that exploited Citrix Bleed. Compared to the sporadic cases of the past weeks, this confirms how heavily cybercriminals are focusing on this exploit.
Finally, what makes the situation even more disturbing is data from the security organization Shadowserver. According to some research, in fact, its specialists have identified approximately 5,500 devices that are still unpatched and therefore potentially at great risk.
For Citrix users at risk, the advice remains to apply the appropriate corrective patches immediately.