μœ„ν˜‘ μš”μ•½ : Citrix Bleed CVE-2023-4966

πŸ’Œ λ³΄μ•ˆ μ†Œμ‹
1

μœ„ν˜‘ μš”μ•½ : Citrix Bleed CVE-2023-4966

2023λ…„ 10μ›” 10일, CitrixλŠ” Netscaler ADC 및 Netscaler Gateway μ œν’ˆμ— λŒ€ν•œ 패치λ₯Ό λ°œν‘œν–ˆμœΌλ©°, 이 νŒ¨μΉ˜λŠ” Citrix Bleed(CVE-2023-4966)λΌλŠ” νŠΉλ³„ν•œ 취약점을 μ™„ν™”ν•˜κΈ° μœ„ν•œ κ²ƒμž…λ‹ˆλ‹€. κ³΅κ²©μžλŠ” 이 취약점을 μ‚¬μš©ν•˜μ—¬ μ„Έμ…˜ 토큰을 λˆ„μΆœν•  수 있고, Unit 42 사고 λŒ€μ‘ 및 κ΄€λ¦¬λœ μœ„ν˜‘ 사λƒ₯ νŒ€μ€ λžœμ„¬μ›¨μ–΄ 그룹이 이 취약점을 μ•…μš©ν•˜λŠ” 것을 κ΄€μ°°ν–ˆμŠ΅λ‹ˆλ‹€.

Threat Brief: Citrix Bleed CVE-2023-4966

On October 10, 2023, Citrix announced a patch for Netscaler ADC and NetScaler Gateway products, which is intended to alleviate the special vulnerability of Citrix Bleed (CVE-20123-4966).The attacker can use this vulnerabilities to leak session tokens, and the Unit 42 accident response and managed threat hunting team observed the ransomware group exploited this vulnerability.

https://unit42.paloaltonetworks.com/threat-brief-cve-2023-4966-netscaler-citrix-bleed/