Once upon a time, there was a huge company that, a couple of weeks after the vendor had released a patch for a critical vulnerability, discovered threat actors had been poking around its networks. Sounds familiar, doesn’t it? However, this is a story with a twist in the tale: it’s not about timely vulnerability patching. It’s about passwords.
The firm in question is Comcast Cable Communications, trading as Xfinity, one of the US telecoms giants. The critical zero-day vulnerability labelled CVE-2023-4966, also known as Citrix Bleed, affected Citrix NetScaler ADC (application delivery controller) and NetScaler Gateway devices and had been exploited since August 2023 to steal authenticated sessions.
CVE-2023-4966 earned a 9.4 CVSS criticality rating because it required neither user interaction nor any prior privileges and was exploitable remotely. On 10 October 2023, Citrix published a security bulletin and a patch, with a strong recommendation that users apply it urgently. On 18 December, an Xfinity spokesperson said: “We promptly patched and mitigated the vulnerability. We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers.”
Other dates to take note of here are 16 to 19 October, when there’s evidence of malicious activity on the Xfinity network, and 25