Citrix plugs security leaks in Netscaler ADC and Gateway and more
Citrix has released security updates to patch vulnerabilities in Netscaler ADC, Gateway and Session Recording.
(Image: created with AI in Bing Image Creator by heise online / dmk)
Citrix has released updates to close security vulnerabilities. Citrix Netscaler ADC, Netscaler Gateway and Session Recording are vulnerable to attacks. The US IT security authority CISA assumes that some of the gaps allow attackers to take control of affected systems.
In Citrix's security bulletin on the vulnerabilities in Netscaler ADC and Netscaler Gateway, the developers explain that "memory protection violations can occur, which can lead to memory corruption and denial of service". It is therefore apparently possible to access memory outside the intended bounds. Citrix does not mention any specific effects apart from DoS, but the severity rating suggests that code execution may be possible (CVE-2024-8534, CVSS 8.4, risk "high"). In addition, authenticated attackers can gain unauthorized access to functions; according to the bulletin this requires a KCD account configuration that relies on Kerberos SSO to access backend resources (CVE-2024-8535, CVSS 5.8, medium).
Further Citrix vulnerabilities
Citrix also reports vulnerabilities in Session Recording of Citrix Virtual Apps and Desktops. Attackers can escalate their privileges to those of the NetworkService account (CVE-2024-8068, CVSS 5.1, medium) or execute limited malicious code from the network with the privileges of that account (CVE-2024-8069, CVSS 5.1, medium). The updated software versions are linked in the Citrix bulletin.
The updates patch the vulnerabilities in Netscaler ADC and Netscaler Gateway 14.1-29.72 and 13.1-55.34 as well as Netscaler ADC FIPS 13.1-37.207 and 12.1-55.321. Netscaler ADC and Netscaler Gateway 12.1 and 13.0 are also vulnerable, but have reached end of life and therefore will not receive an update; affected users should upgrade their appliances to a supported version. Citrix cloud services have already been patched by the manufacturer, so IT managers do not need to take any further action there.
Citrix Virtual Apps and Desktops are fixed as of versions 2407 Hotfix 24.5.200.8, 2402 LTSR CU1 Hotfix 24.02.1200.16, 2203 LTSR CU5 Hotfix 22.03.5100.11 and 1912 LTSR CU9 Hotfix 19.12.9100.6.
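To turn the Netscaler version list above into a quick fleet check, the following script compares the output of a Netscaler's `show ns version` command against the fixed builds named in the article and flags end-of-life branches. It is an added example written for this article, not code from Citrix or heise; the expected output format of `show ns version` (`NetScaler NS13.1: Build 55.34.nc, Date: ...`) and the distinction between FIPS and non-FIPS builds via a caller-supplied flag are assumptions, and the sample lines at the bottom are constructed.

```python
import re

# First fixed builds per branch, taken from the figures quoted in the article.
# Key: (branch, is_fips) -> (major build, minor build).
FIXED_BUILDS = {
    ("14.1", False): (29, 72),
    ("13.1", False): (55, 34),
    ("13.1", True): (37, 207),
    ("12.1", True): (55, 321),
}

# Non-FIPS branches that are affected but no longer receive updates.
EOL_BRANCHES = {"12.1", "13.0"}

# Assumed shape of the first line of `show ns version` output, e.g.
# "NetScaler NS13.1: Build 55.34.nc, Date: Oct 11 2024, 12:34:56   (64-bit)".
# This format is an assumption of this example, not stated in the bulletin.
_VERSION_RE = re.compile(r"NS(\d+)\.(\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_version(line):
    """Return (branch, (build_major, build_minor)) or None if unparseable."""
    m = _VERSION_RE.search(line)
    if not m:
        return None
    branch = f"{m.group(1)}.{m.group(2)}"
    build = (int(m.group(3)), int(m.group(4)))
    return branch, build


def assess(line, fips=False):
    """Classify one appliance: 'patched', 'vulnerable', 'eol' or 'unknown'.

    fips=True selects the FIPS build trains (13.1-37.x, 12.1-55.x); the
    caller has to know which kind of build the appliance runs.
    """
    parsed = parse_version(line)
    if parsed is None:
        return "unknown"
    branch, build = parsed
    if not fips and branch in EOL_BRANCHES:
        return "eol"  # affected, no fix will ship: migrate to a supported branch
    fixed = FIXED_BUILDS.get((branch, fips))
    if fixed is None:
        return "unknown"  # branch not covered by the bulletin figures above
    # Tuple comparison orders builds numerically, so 13.1-55.34 > 13.1-55.4.
    return "patched" if build >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample output, one appliance per line (not real devices).
    fleet = [
        ("gw-eu-1", "NetScaler NS14.1: Build 29.72.nc, Date: Oct 11 2024", False),
        ("gw-eu-2", "NetScaler NS14.1: Build 25.56.nc, Date: Jun 10 2024", False),
        ("adc-us-1", "NetScaler NS13.1: Build 37.206.nc, Date: Sep 02 2024", True),
        ("adc-lab", "NetScaler NS13.0: Build 92.21.nc, Date: Mar 01 2024", False),
    ]
    for name, line, fips in fleet:
        print(f"{name:10} {assess(line, fips=fips)}")
```

A result of `vulnerable` or `eol` is a call to action either way; `unknown` means the parser did not recognise the line and the appliance should be checked by hand rather than assumed safe.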
Citrix software is a standing target in cybercriminals' portfolios. At the end of 2023, attackers abused the vulnerability known as "CitrixBleed" at the US provider Xfinity and were able to access data of around 36 million customers. Admins should therefore apply the available updates quickly.
In September, Citrix had to close security gaps in Workspace app for Windows that allowed attackers to escalate their privileges on the system.
(dmk)