Citrix Bleed Exploit Lets Hackers Hijack Netscaler Accounts
A proof-of-concept exploit has been released for the 'Citrix Bleed' vulnerability, which allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway devices. The vulnerability, known as CVE-2023-4966, was fixed by Citrix on October 10, but details were not provided. Mandiant revealed that the flaw was exploited as a zero-day in limited attacks since August. Researchers have now shared more details about the exploit method and published a PoC on GitHub. By exploiting the vulnerability, attackers can retrieve session cookies and gain unrestricted access to the affected devices. It is advised that system administrators patch the flaw immediately to prevent further exploitation.