Citrix pushed for customers to upgrade to the latest versions of NetScaler ADC and NetScaler Gateway on Monday, after learning about incidents consistent with session hijacking and credible reports of targeted attacks against a critical vulnerability.

Citrix released patches to address the vulnerability, CVE-2023-4966, on Oct. 10, and warned that exploitation of the flaw can lead to data disclosure. Citrix said it was unaware of any exploits at the time. 

The vulnerability is considered most critical when customers are using affected builds in conjunction with NetScaler ADC configured as a gateway or as an AAA virtual server. Managed cloud and Adaptive Authentication customers do not need to take additional action, Citrix said. 

The disclosure follows a report by Mandiant last week warning that threat actors were able to bypass the patch in cases where there was previous exploitation. Mandiant urged organizations to terminate all sessions. Mandiant warned that authenticated sessions could still persist after the patch is applied. 

The Cybersecurity and Infrastructure Security Agency last week added Netscaler ADC and NetScaler Gateway to its Known Exploited Vulnerabilities catalog.

Hackers previously launched attacks against NetScaler ADC and NetScaler Gateway in July. Mandiant at the time said it was investigating cases where attacks were successful in patched systems.