CVE-2023-4966: Citrix Bleed NetScaler Session Hijacking Explained and Fix
A CVSS 9.4 memory disclosure zero-day in Citrix NetScaler ADC and Gateway. Unauthenticated attackers steal active session tokens, bypassing MFA entirely. LockBit used it to breach Boeing, Comcast, and DP World before the patch.
CVE-2023-4966, named Citrix Bleed for its resemblance to the Heartbleed memory disclosure pattern, is a sensitive information disclosure vulnerability in Citrix NetScaler ADC and NetScaler Gateway. An unauthenticated attacker who sends a specially crafted HTTP request to the device receives a response containing memory from the NetScaler process beyond the intended buffer — including active session tokens for users currently authenticated through the VPN gateway or ICA Proxy. These tokens allow the attacker to fully impersonate authenticated users without credentials or MFA.
Exploitation in the wild began in late August 2023 — nearly six weeks before Citrix released patches October 10, 2023. The LockBit ransomware group was confirmed using CVE-2023-4966 to breach Boeing, Comcast Xfinity, and DP World Australia (whose breach caused significant disruption to Australian port operations). CISA issued an emergency advisory and added CVE-2023-4966 to the Known Exploited Vulnerabilities catalog.
How Session Tokens Are Stolen: Memory Disclosure Without Authentication
NetScaler processes HTTP and HTTPS requests through its traffic management engine. A vulnerability in how certain request handlers construct response buffers causes the device to include memory contents beyond the intended response. This memory contains active session state data — including the session cookie values for users currently connected through NetScaler Gateway's VPN or ICA Proxy functionality.
An attacker sends a single crafted unauthenticated HTTPS request to the NetScaler portal. The response includes leaked memory containing valid session tokens. The attacker extracts these tokens and uses them in subsequent requests to NetScaler Gateway or the internal applications it proxies. NetScaler accepts the request as legitimate — the stolen token is cryptographically valid. The attacker inherits the full access and permissions of the hijacked user's VPN session, with no authentication challenge issued because the session is already authenticated.
Send crafted unauthenticated request
Send a specially structured HTTPS request to the NetScaler ADC or Gateway portal. No session cookie, authentication token, or prior interaction is required.
Extract session tokens from over-read response
Parse the HTTP response body for session token patterns. The response includes memory beyond the intended buffer containing active session cookie values for connected users.
Construct authenticated request using stolen token
Build an HTTP request including the stolen session cookie and send it to NetScaler Gateway or a proxied internal application. NetScaler validates the token as legitimate.
Operate as the hijacked user
Access internal applications, network resources, and data with the hijacked user's full permissions — equivalent to operating their VPN session. MFA is not re-challenged because the session is already authenticated.
LockBit Exploitation: Major Organizations Breached Before the Patch
LockBit ransomware affiliates exploited CVE-2023-4966 against high-profile targets in October 2023 — immediately after the advisory was public. Boeing's parts and distribution business was breached, with LockBit claiming exfiltration of sensitive data. Comcast Xfinity disclosed a breach affecting 35.9 million customers linked to CVE-2023-4966. DP World Australia suffered operational disruption when attackers used hijacked NetScaler sessions to reach internal port management systems, forcing the shutdown of container operations at major Australian ports.
The session hijacking model made these attacks particularly difficult to detect in real time. Compromised sessions appeared in logs as legitimate VPN connections from the real user's session — differentiated only by source IP address, which may not trigger alerts if the attacker uses residential proxy infrastructure or VPN exit nodes in the same geography as the legitimate user.
“Citrix Bleed allows attackers to bypass password and multifactor authentication, resulting in successful session hijacking of legitimate user sessions on Citrix NetScaler web application delivery control (ADC) and Gateway appliances.”
— CISA Advisory AA23-325A, November 2023
Patching and Fully Remediating CVE-2023-4966
Patching is required — but patching alone does not revoke session tokens already stolen. The complete remediation requires upgrade, session termination, and compromise assessment.
Upgrade to patched NetScaler versions
Apply the October 10, 2023 releases: NetScaler ADC/Gateway 14.1-8.50 or later, 13.1-49.15 or later, 13.0-92.19 or later. For FIPS/NDcPP builds: 13.1-37.163 and 12.1-55.300 or later.
Kill all active and persistent sessions immediately after patching
Via the NetScaler CLI: run kill icaconnection -all to terminate ICA sessions. Kill VPN sessions through the NetScaler Gateway current sessions menu. Also clear persistent session entries. This forces re-authentication and invalidates all previously stolen tokens.
Audit NetScaler for configuration changes and new accounts
Review NetScaler configuration for unauthorized virtual servers, admin accounts, content switching policies, or responder policies added since the exploitation window. Attackers with gateway access may have modified configuration for persistence.
Assess internal applications accessed via hijacked sessions
Identify which internal applications are accessible through the NetScaler Gateway. Review access logs for those applications for anomalous activity from sessions with unexpected source IPs. Conduct compromise assessments of key internal systems.
Block external access during remediation if needed
If immediate patching is not possible, consider temporarily restricting external HTTPS access to the NetScaler portal. The token theft occurs through the HTTPS interface — eliminating remote access eliminates the exploit vector, at the cost of disrupting legitimate remote access.
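An added helper for the upgrade step above (not from the article and not Citrix's own tooling): it parses a NetScaler version banner and compares it, branch by branch, against the fixed builds listed in this section. The banner format "NetScaler NS13.1: Build 49.13.nc" is an assumption, and FIPS/NDcPP builds must be flagged by the caller because their build numbers sit on a separate track from the mainline branch.

```python
import re

# First fixed build per (branch, is_fips) exactly as listed on this page.
FIXED_BUILDS = {
    ("14.1", False): (8, 50),
    ("13.1", False): (49, 15),
    ("13.0", False): (92, 19),
    ("13.1", True): (37, 163),   # 13.1-FIPS
    ("12.1", True): (55, 300),   # 12.1-FIPS / NDcPP
}

# Assumed banner shape from `show ns version`: "NetScaler NS13.1: Build 49.13.nc, Date: ..."
VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_version(banner):
    """Return (branch, build_major, build_minor) from a version banner string."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised version banner: {banner!r}")
    return m.group(1), int(m.group(2)), int(m.group(3))


def is_vulnerable(banner, fips=False):
    """True if the build predates the fix for its branch, False if fixed,
    None if the branch is not covered by the advisory list (treat as unsupported)."""
    branch, major, minor = parse_version(banner)
    fixed = FIXED_BUILDS.get((branch, fips))
    if fixed is None:
        return None
    # Compare build numbers as (major, minor) tuples, e.g. 49.13 < 49.15.
    return (major, minor) < fixed


if __name__ == "__main__":
    for banner, fips in [("NetScaler NS13.1: Build 49.13.nc", False),
                         ("NetScaler NS13.1: Build 37.163.nc", True),
                         ("NetScaler NS12.1: Build 65.35.nc", False)]:
        print(banner, "FIPS" if fips else "", "->", is_vulnerable(banner, fips))
```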
The bottom line
CVE-2023-4966 is a study in why MFA is not a complete defense against all authentication-layer attacks. MFA protects the credential — it does not protect the session token issued after the credential is validated. A vulnerability that leaks those tokens bypasses MFA entirely because it operates at the post-authentication layer.
The Citrix Bleed exploitation pattern — steal token, use token, appear as legitimate user — is nearly indistinguishable from normal VPN activity in standard log review. Detection requires behavioral analysis: session access from unexpected source IPs or geographic locations, access patterns inconsistent with the legitimate user's behavior, or anomalous access to sensitive resources immediately after session establishment. Organizations that have not already deployed behavioral analytics on their remote access logs should treat this as an urgent gap given the sophistication of session hijacking attacks.
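The source-IP check described above as an added example (not part of the original article): it flags any gateway session ID that is seen from more than one client IP, or from an IP outside the ranges expected for the user population. The log lines and their field layout are constructed for this example and are not NetScaler's real syslog format; the same logic applies to whatever fields carry user, client IP and session ID in the real logs.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample records: alice's session 7f3a is reused from a second IP
# (the Citrix Bleed pattern), bob's session c1d2 stays on one IP.
SAMPLE_LOG = """\
2023-10-12T08:01:10Z SSLVPN LOGIN user=alice client_ip=203.0.113.10 session=7f3a
2023-10-12T08:02:15Z SSLVPN HTTPREQUEST user=alice client_ip=203.0.113.10 session=7f3a url=/mail
2023-10-12T08:40:02Z SSLVPN HTTPREQUEST user=alice client_ip=198.51.100.77 session=7f3a url=/hr
2023-10-12T09:00:00Z SSLVPN LOGIN user=bob client_ip=203.0.113.55 session=c1d2
2023-10-12T09:05:30Z SSLVPN HTTPREQUEST user=bob client_ip=203.0.113.55 session=c1d2 url=/wiki
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SSLVPN (?P<event>\w+) user=(?P<user>\S+) "
    r"client_ip=(?P<ip>\S+) session=(?P<sid>\S+)"
)


def find_hijack_candidates(log_text, trusted_nets=()):
    """Return (session_id, user, sorted_ips, reason) for suspicious sessions.
    A legitimate user roaming between networks also trips the multi-IP rule,
    so treat results as triage candidates, not verdicts."""
    nets = [ip_network(n) for n in trusted_nets]
    ips_by_session = defaultdict(set)
    user_by_session = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore records that are not gateway session events
        ips_by_session[m["sid"]].add(m["ip"])
        user_by_session.setdefault(m["sid"], m["user"])

    findings = []
    for sid, ips in ips_by_session.items():
        reasons = []
        if len(ips) > 1:
            reasons.append("multiple source IPs for one session")
        if nets and any(not any(ip_address(ip) in n for n in nets) for ip in ips):
            reasons.append("source IP outside trusted ranges")
        if reasons:
            findings.append((sid, user_by_session[sid], sorted(ips), "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for hit in find_hijack_candidates(SAMPLE_LOG, trusted_nets=["203.0.113.0/24"]):
        print(hit)
```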
Frequently asked questions
What is CVE-2023-4966 (Citrix Bleed)?
Citrix Bleed is a buffer over-read in Citrix NetScaler ADC and Gateway where a crafted unauthenticated HTTP request causes the device to return memory contents beyond the intended response buffer — including session tokens for currently authenticated users. Attackers use stolen tokens to hijack active sessions without any authentication.
Why does Citrix Bleed bypass MFA?
The stolen session tokens represent sessions where users have already completed MFA. The attacker uses the post-authentication token to enter an existing session — the MFA challenge was already passed by the legitimate user. MFA only protects the authentication step; it cannot protect session tokens already issued.
Was CVE-2023-4966 a zero-day?
Yes. Exploitation was confirmed in late August and September 2023 — weeks before Citrix released patches October 10, 2023. LockBit ransomware affiliates were confirmed using it against Boeing, Comcast Xfinity, and DP World Australia (causing port disruption).
Is patching alone sufficient for CVE-2023-4966?
No. After patching, you must kill all active and persistent NetScaler sessions. Session tokens stolen before patching remain valid until the sessions expire or are terminated. Patching without killing sessions leaves stolen tokens usable.
How do I patch CVE-2023-4966?
Upgrade to: NetScaler ADC/Gateway 14.1-8.50+, 13.1-49.15+, 13.0-92.19+, 13.1-FIPS 37.163+, or 12.1-FIPS/NDcPP 55.300+. After patching, immediately terminate all active sessions via the NetScaler CLI or GUI before allowing user reconnections.
Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals weekly.
