Hackers can Hijack NetScaler accounts via the Citrix Bleed exploit

The ‘Citrix Bleed’ vulnerability, identified as CVE-2023-4966, has a proof-of-concept (PoC) exploit available that enables attackers to get authentication session cookies from susceptible Citrix NetScaler ADC and NetScaler Gateway equipment.

Citrix resolved CVE-2023-4966, a critical-severity remotely exploitable information disclosure vulnerability, on October 10th, albeit not much information was disclosed.

Mandiant said on October 17 that the vulnerability has been exploited as a zero-day attack since late August 2023.

Citrix sent out a follow-up warning on Monday to NetScaler ADC and Gateway appliance managers, asking them to fix the vulnerability right once because the frequency of exploitation has begun to increase.

In order to illustrate their findings and assist those wishing to test for exposure, researchers at Assetnote released a Proof of Concept (PoC) attack on GitHub today, along with further information regarding the exploitation technique of CVE-2023-4966.