The company issued a warning about session hijacking and targeted attacks against a major vulnerability.

Citrix urged customers on Monday to upgrade to the most recent versions of NetScaler ADC and NetScaler Gateway, following reports of session hijacking and credible evidence of targeted attacks against a serious vulnerability.
Citrix issued fixes for the vulnerability, CVE-2023-4966, on October 10 and cautioned that exploiting the flaw could result in data leakage. Citrix stated at the time that it was not aware of any exploits. Customers who use affected builds with NetScaler ADC configured as a gateway or as an AAA virtual server are particularly vulnerable. Citrix noted that managed cloud and Adaptive Authentication customers do not need to take any further steps.