A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed.

About CVE-2023-4966

Citrix’s security advisory, published on October 10, says that the vulnerability can lead to sensitive information disclosure, but does not explain what type of information can be disclosed to attackers. CVE-2023-4966 is exploitable remotely without authentication, and a successful attack does not hinge on user interaction. The …
The post Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966) appeared first on Help Net Security.