ET EXPLOIT Citrix ADC and NetScaler Gateway Information Disclosure Attempt (CVE-2023-4966)

SID: 2048931Rev: 210 views
History
Sourceet/open
CreatedOctober 29, 2023
UpdatedJanuary 31, 2024
Classificationattempted-admin
alert http $EXTERNAL_NET any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Citrix ADC and NetScaler Gateway Information Disclosure Attempt (CVE-2023-4966)"; flow:established,to_server; flowbits:set,ET.CVE-2023-4966.LeakAttempt; http.uri; content:"/oauth/rp/.well-known/openid-configuration"; fast_pattern; http.host; bsize:>2000; reference:url,www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966; reference:cve,2023-4966; classtype:attempted-admin; sid:2048931; rev:2; metadata:affected_product Citrix, attack_target Web_Server, created_at 2023_10_29, cve CVE_2023_4966, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_01_31, reviewed_at 2023_10_29, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery; target:dest_ip;)

References

urlwww.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
cve2023-4966

Metadata

affected productCitrix
attack targetWeb_Server
created at2023_10_29
deploymentSSLDecrypt
performance impactLow
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_01_31
reviewed at2023_10_29
mitre tactic idTA0007
mitre tactic nameDiscovery
mitre technique idT1082
mitre technique nameSystem_Information_Discovery

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!