On Oct. 10, 2023, Citrix released a security bulletin for a sensitive information disclosure vulnerability (CVE-2023-4966) impacting NetScaler ADC and NetScaler Gateway appliances. Mandiant has identified zero-day exploitation of this vulnerability in the wild beginning in late August 2023. Successful exploitation could result in the ability to hijack existing authenticated sessions, thereby bypassing multifactor authentication or other strong authentication requirements.
These sessions may persist after the update to mitigate CVE-2023-4966 has been deployed. Additionally, Mandiant researchers have observed session hijacking where session data was stolen prior to the patch deployment and subsequently used by a threat actor.