CVE-2023-4966
Citrix NetScaler ADC 和网关缓冲区溢出会话令牌泄漏 (CitrixBleed)。它允许捕获活动会话。
漏洞档案
CVSS 评分
9.4 / 10.0
级别
严重
利用状态
⚠ 活跃利用
补丁状态
✓ 补丁可用
受影响软件
Citrix NetScaler ADC ve Gateway
利用方法
Buffer Overflow / Session Hijack
MITRE ATT&CK
T1550 - Use Alternate Authentication Material
CVE-2023-4966 (CitrixBleed) Citrix NetScaler ADC/Gateway buffer overflow ile oturum belirteci (session token) sizintisi. Authentication olmadan mevccut oturumlarin ele gecirilmesini sagliyor. LockBit, Medusa ve bircok ransomware grubu tarafindan aktif kullanilmistir.