CVE-2023-4966

Vulnerability updated 23 days ago (2024-09-24T18:01:24.959Z)
CVE-2023-4966, also known as "Citrix Bleed," is a critical zero-day vulnerability affecting Citrix NetScaler Gateway and NetScaler ADC products. Discovered in 2023, this flaw in software design or implementation allows sensitive information disclosure and carries a high severity rating of 9.4 on the Common Vulnerability Scoring System (CVSS). It enables attackers to bypass multifactor authentication by using stolen session tokens, and its ease of exploitation makes it an attractive target for threat actors. The vulnerability was exploited en masse months before Citrix published an advisory in October 2023.
In one notable incident, ransomware gangs targeted Ongoing Operations' NetScaler ADC and NetScaler Gateway products that had unpatched Citrix Bleed vulnerabilities. This exploit allowed attackers to gain remote access to organizations reliant on Citrix, leading to significant security breaches. One such breach affected Xfinity, a major American cable TV and internet service provider, resulting in a data breach impacting nearly 36 million people. The breach was attributed to the Citrix Bleed vulnerability, demonstrating the potential scale and impact of such exploits. Despite the availability of patches meant to mitigate this issue, many organizations failed to apply them promptly, leading to widespread security incidents. Check Point IPS has since provided protection against this threat, highlighting the ongoing efforts to secure systems against such vulnerabilities.
Description last updated: 2024-09-24T17:16:36.418Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Citrix Bleed is a possible alias for CVE-2023-4966. Citrix Bleed, officially designated as CVE-2023-4966, is a significant software vulnerability affecting Citrix Netscaler Gateway and Netscaler ADC products. This flaw in software design or implementation allows for sensitive information disclosure and has been assigned a high severity rating with a | 8
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
netscaler
citrix
Exploit
Ransomware
CISA
Associated Malware
Alias Description | Association Type | Votes
The Lockbit Malware is associated with CVE-2023-4966. LockBit is a notorious malware that operates on a ransomware-as-a-service model, which has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operat | Unspecified | 6
Associated Threat Actors
Alias Description | Association Type | Votes
The Medusa Threat Actor is associated with CVE-2023-4966. Medusa, a prominent threat actor in the cybersecurity landscape, has been increasingly active with its ransomware attacks. The group made headlines in November 2023 when it leveraged a zero-day exploit for the Citrix Bleed vulnerability (CVE-2023-4966), leading to numerous compromises alongside othe | Unspecified | 2
The Alphv Threat Actor is associated with CVE-2023-4966. AlphV, also known as BlackCat, is a notorious threat actor that has been active since November 2021. This group pioneered the public leaks business model and has been associated with various ransomware families, including Akira, LockBit, Play, and Basta. AlphV gained significant attention for its la | Unspecified | 2
Associated Vulnerabilities
Alias Description | Association Type | Votes
The vulnerability CVE-2023-4967 is associated with CVE-2023-4966. | Unspecified | 2