Citrix on Monday urged customers to upgrade to the latest versions of NetScaler ADC and NetScaler Gateway, after learning about incidents consistent with session hijacking and credible reports of targeted attacks exploiting a critical vulnerability.
Citrix released patches to address the vulnerability, CVE-2023-4966, on Oct. 10, and warned that exploitation of the flaw can lead to data disclosure. Citrix said it was unaware of any exploits at the time.
The vulnerability is considered most critical when customers are using affected builds in conjunction with NetScaler ADC configured as a gateway or as an AAA virtual server. Managed cloud and Adaptive Authentication customers do not need to take additional action, Citrix said.