Admins must act: PuTTY vulnerability threatens Citrix Hypervisor

To secure XenCenter for Citrix Hypervisor, admins must manually install a security update for the SSH tool PuTTY.


Under certain conditions, attackers can access admins' private SSH keys in the context of XenCenter for Citrix Hypervisor. To prevent such attacks, admins must act now.

As Citrix writes in a warning message, the vulnerability (CVE-2024-31497) can be found in the SSH tool PuTTY. However, Citrix is not providing a security update for XenCenter; instead, admins must update or uninstall PuTTY themselves.

The software company states that PuTTY has not been used since XenCenter 8.2.7, and that XenCenter for XenServer 8 has never used the SSH tool. PuTTY 0.81 is said to be secure. In the context of virtual machines, the SSH tool establishes SSH connections to guest VMs. If an attacker controls a guest VM, they can exploit the vulnerability to access an admin's private SSH key.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.