Citrix has published warnings about security vulnerabilities in several products in its portfolio; one of them is rated critical. IT managers should download and install the updates provided promptly.
The manufacturer gives no details about the vulnerabilities, only very general indications. Netscaler Console, Agent and SVM contain two vulnerabilities. One affects only Netscaler Console 14.1 before version 14.1-25.53: according to the brief description, insufficient authentication allows attackers who can reach the IP address of the Netscaler Console to read sensitive information (CVE-2024-6235, CVSS 9.4, risk "critical"). The risk assessment indicates that attackers may thereby gain administrator privileges and compromise the console. The second vulnerability is an out-of-bounds memory access that can crash the software (denial of service; CVE-2024-6236, CVSS 7.1, high). Netscaler Console, SVM and Agent 14.1-25.53, 13.1-53.22 and 13.0-92.31 and newer close the gaps.
Other high-risk security vulnerabilities
The Virtual Delivery Agent for Windows, used by Citrix Virtual Apps and Desktops and Citrix DaaS, allows attackers to escalate their privileges to SYSTEM (CVE-2024-6151, CVSS 8.5, high). Citrix Virtual Apps and Desktops 2402, 1912 LTSR CU9 and 2203 LTSR CU5 fix the flaw. The Citrix Workspace App for Windows also allows privilege escalation to SYSTEM (CVE-2024-6286, CVSS 8.5, high); versions 2403.1 and 2402 LTSR correct the error.
In addition, malicious actors can disable Netscaler ADC and Netscaler Gateway (denial of service), again through an out-of-bounds memory access (CVE-2024-5491, CVSS 7.1, high). Attackers can also abuse an open redirect in Netscaler ADC and Gateway to send victims to arbitrary websites (CVE-2024-5492, CVSS 5.1, medium). Netscaler ADC and Netscaler Gateway 14.1-25.53, 13.1-53.17 and 13.0-92.31, Netscaler ADC FIPS 13.1-37.183 and 12.1-55.304, and Netscaler ADC NDcPP 12.1-55.304 close these security gaps.
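Because the fixed builds differ per product line and per release branch (Netscaler Console 13.1 is fixed in 53.22, Netscaler ADC 13.1 already in 53.17, and the FIPS and NDcPP editions have their own 37.x and 55.x lines), a plain string comparison of "13.1-53.17" against "13.1-53.22" is not enough: the branch must match first, and a branch the advisory does not list must not be reported as safe. The following script is an added example (not code from the article or from Citrix) that encodes the fixed builds named in the two paragraphs above for Netscaler ADC/Gateway and Netscaler Console/Agent/SVM and checks a build string against them. The `NSxx.y: Build a.b` layout it parses is what `show ns version` prints on a Netscaler appliance; that layout and the sample lines are assumptions of this example, not taken from the article.

```python
"""Check a Netscaler build string against the fixed builds named in the article."""
import re
from typing import Optional, Tuple

# Fixed builds as listed in the article, keyed by (product line, release branch).
# A build on the same branch that is lower than the fixed one is unpatched.
# Branches not in this table (e.g. mainline 12.1) are reported as unknown,
# never as patched.
FIXED_BUILDS = {
    ("NetScaler ADC/Gateway", "14.1"): (25, 53),
    ("NetScaler ADC/Gateway", "13.1"): (53, 17),
    ("NetScaler ADC/Gateway", "13.0"): (92, 31),
    ("NetScaler ADC FIPS", "13.1"): (37, 183),
    ("NetScaler ADC FIPS", "12.1"): (55, 304),
    ("NetScaler ADC NDcPP", "12.1"): (55, 304),
    ("NetScaler Console/Agent/SVM", "14.1"): (25, 53),
    ("NetScaler Console/Agent/SVM", "13.1"): (53, 22),
    ("NetScaler Console/Agent/SVM", "13.0"): (92, 31),
}

# Matches the "NS13.1: Build 53.17.nc" fragment of `show ns version` output.
# Assumption of this example: the output format is not described in the article.
_VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[str, Tuple[int, int]]]:
    """Return (branch, (major_build, minor_build)) or None if not recognised."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess(product: str, text: str) -> str:
    """Classify a version line as 'patched', 'vulnerable', 'unknown-branch' or 'unparsed'.

    Build numbers are compared numerically as tuples, so 53.17 < 53.22 and
    37.9 < 37.183, which a lexical string comparison would get wrong.
    """
    parsed = parse_version(text)
    if parsed is None:
        return "unparsed"
    branch, build = parsed
    fixed = FIXED_BUILDS.get((product, branch))
    if fixed is None:
        return "unknown-branch"
    return "patched" if build >= fixed else "vulnerable"


def fixed_build_for(product: str, branch: str) -> Optional[str]:
    """Human-readable fixed build for a product/branch, e.g. '13.1-53.22'."""
    fixed = FIXED_BUILDS.get((product, branch))
    if fixed is None:
        return None
    return f"{branch}-{fixed[0]}.{fixed[1]}"


if __name__ == "__main__":
    # Constructed sample lines in the style of `show ns version`; not real inventory.
    samples = [
        ("NetScaler ADC/Gateway", "NetScaler NS13.1: Build 53.17.nc, Date: Jun 25 2024"),
        ("NetScaler Console/Agent/SVM", "NetScaler NS13.1: Build 53.17.nc, Date: Jun 25 2024"),
        ("NetScaler ADC FIPS", "NetScaler NS13.1: Build 37.176.nc, Date: May 02 2024"),
        ("NetScaler ADC/Gateway", "NetScaler NS12.1: Build 65.25.nc, Date: Jan 10 2024"),
        ("NetScaler ADC/Gateway", "connection refused"),
    ]
    for product, line in samples:
        verdict = assess(product, line)
        parsed = parse_version(line)
        fixed = fixed_build_for(product, parsed[0]) if parsed else None
        print(f"{product:30} {verdict:15} fixed in: {fixed}")
```

The Console sample shows why the product line matters: the same 13.1 build 53.17 is patched for Netscaler ADC/Gateway but still below the 53.22 fix for Netscaler Console, Agent and SVM. The `unknown-branch` verdict for the 12.1 mainline build is deliberate; the article names only FIPS and NDcPP fixes on 12.1, so a mainline 12.1 appliance needs a separate check against Citrix's support matrix rather than a "patched" stamp.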
Further vulnerabilities of medium severity are also present in the Citrix Workspace App for HTML5 and in Citrix Provisioning. Cybercriminals have been quick to exploit security vulnerabilities in Citrix products in the past, so admins should install the updated software quickly.
Most recently, IT managers had to close security gaps in Citrix software in May. At that time, they had to manually install an update for the SSH tool PuTTY to patch a gap in Citrix Hypervisor's XenCenter.
(dmk)