Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability
Briefly

Tracked as CVE-2023-4966 (CVSS score of 9.4) and referred to as CitrixBleed, the bug can be exploited without authentication and leads to information disclosure.
On Monday, Citrix urged administrators to apply the available patches as soon as possible, citing "a sharp increase in attempts to exploit this vulnerability in unpatched NetScaler ADCs" and reports that the LockBit ransomware gang has started exploiting it.
"Historically, LockBit affiliates have conducted attacks against organizations of varying sizes across multiple critical infrastructure sectors, including education, energy, financial services, food and agriculture, government and emergency services, healthcare, manufacturing, and transportation," the governmental agencies warn.
Read at SecurityWeek