The vulnerability in question is tracked as CVE-2023-4966.

It carries a severity score of 9.4 and affects NetScaler ADC and NetScaler Gateway.

Evidence of abuse

Prior to Citrix's reaction, both Mandiant and CISA warned about the flaw.

Mandiant said hackers had probably been using it to hijack authentication sessions and steal corporate data since August.

In the meantime, someone posted a proof-of-concept on GitHub, called Citrix Bleed, The Register reports.

A bit too late for that, given that Citrix Bleed is already published.

Mandiant claims the victims are mostly tech firms, government organizations, and professional services companies.
