“Mass exploitation of CVE-2023-4966, a critical sensitive information disclosure vulnerability in Citrix’s NetScaler ADC and Gateway products, has been ongoing since October 30. Dubbed “CitrixBleed” by researchers, at the time, there were estimates of 30,000 internet-facing assets that were vulnerable to this flaw. Recent analysis suggests that the number has decreased to over 10,000 assets with the majority located in the United States.
“With publicly available proof-of-concept exploit code, a variety of threat actors have been leveraging this flaw as part of their attacks over the last few weeks, including affiliates of the infamous LockBit ransomware group and Medusa. Ransomware groups are mostly indiscriminate in their attacks, motivated by profits over anything else.
“Organisations that use NetScaler ADC and Gateway products must prioritise patching these systems immediately as the threat of exploitation is extremely high, especially by ransomware groups.”—Satnam Narang, Senior Staff Research Engineer, Tenable