Critical Citrix NetScaler Memory Flaw Actively Exploited in Attacks

A critical memory vulnerability in Citrix NetScaler, a widely deployed application delivery and security product used across enterprise networks, is being actively exploited by attackers, according to a report by BleepingComputer published Monday. The flaw is a memory-related vulnerability in NetScaler ADC and NetScaler Gateway, products that serve as network gatekeepers for thousands of organizations including financial institutions, healthcare providers, and government agencies. NetScaler products handle authentication, load balancing, and SSL inspection for corporate applications, making a successful exploit particularly dangerous. Active exploitation means threat actors have weaponized the vulnerability and are targeting unpatched systems in the wild, rather than the flaw remaining theoretical. Organizations running affected versions face potential unauthorized access to networks and sensitive systems without user interaction if the vulnerability is reached from the network. Citrix, now part of Cloud Software Group following its 2022 acquisition by Vista Equity Partners and Elliott Management, has a history of critical NetScaler vulnerabilities that have drawn significant attacker interest. The CVE-2023-4966 vulnerability, known as Citrix Bleed, was exploited by ransomware groups including LockBit to breach major organizations including Boeing, Allen & Overy, and the Industrial and Commercial Bank of China. Enterprise security teams were urged to apply available patches immediately. Federal civilian agencies are typically required by CISA's Known Exploited Vulnerabilities catalog to remediate actively exploited flaws within defined deadlines. Specific CVE identifiers and patch availability details were not fully enumerated in initial reporting. Organizations should consult Citrix's security bulletin for affected version numbers and remediation guidance.