Citrix Bleed, identified as CVE-2023-4966, represents an information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices. Citrix addressed this vulnerability by releasing a patch on October 10, signaling a response to an ongoing exploitation that had been occurring as a zero-day threat since late August 2023, and became more widespread following the patch release.
Xfinity promptly took action by applying the patch and implementing additional mitigation measures following Citrix’s guidelines on October 23. Despite these efforts, the company discovered unauthorized access to some of its internal systems between October 16 and October 19, 2023, prior to mitigation.
In a security incident notice to customers, Xfinity disclosed that, as a result of the vulnerability, information was likely acquired during this unauthorized access. The compromised data includes usernames and hashed passwords. Additionally, the breach exposed names, contact details, last four digits of social security numbers, dates of birth, and/or secret questions and answers for certain customers, although the specific number affected was not disclosed.
In response to the incident, Xfinity advised customers to take immediate action to secure their accounts. Recommendations include changing passwords and implementing two-factor or multi-factor authentication, if not already in place. The company also urged customers to remain vigilant against potential fraud and identity theft by regularly monitoring account statements, checking credit card reports, and staying alert for any suspicious activities on their accounts.
CyberSec84 | Cybersecurity news. 
Leave a comment