Citrix closes security gaps, some critical, in several products

Citrix has published security advisories for several products. The updates close vulnerabilities, some of which are critical.

Stylized graphic: Burning appliances in the network

(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)

This article was originally published in German and has been automatically translated.

Citrix has published advisories on security vulnerabilities in several products in its portfolio. One of them is rated critical. IT managers should download and install the updates provided without delay.

The manufacturer provides no technical details on the vulnerabilities, only a rough description of each. Two vulnerabilities affect Netscaler Console, Agent and SVM. One affects only Netscaler Console 14.1 before version 14.1-25.53: according to the sparse information, insufficient authentication allows attackers with network access to the Netscaler Console IP address to read sensitive information (CVE-2024-6235, CVSS 9.4, risk "critical"). The risk rating suggests that attackers could thereby gain administrator access to the console and compromise it. The second vulnerability is an out-of-bounds memory access that can crash the software, i.e. a denial of service (CVE-2024-6236, CVSS 7.1, high). The fixes are contained in Netscaler Console, SVM and Agent 14.1-25.53, 13.1-53.22 and 13.0-92.31 and newer.

In the Virtual Delivery Agent for Windows, used by Citrix Virtual Apps and Desktops and Citrix DaaS, attackers can escalate their privileges to SYSTEM (CVE-2024-6151, CVSS 8.5, high). Citrix Virtual Apps and Desktops 2402, 1912 LTSR CU9 and 2203 LTSR CU5 fix the flaw. Citrix Workspace app for Windows likewise allows privilege escalation to SYSTEM (CVE-2024-6286, CVSS 8.5, high); versions 2403.1 and 2402 LTSR correct it.

In addition, attackers can render Netscaler ADC and Netscaler Gateway unavailable through an out-of-bounds memory access (CVE-2024-5491, CVSS 7.1, high). They can also abuse an open redirect on the Netscaler appliances to send victims to arbitrary websites (CVE-2024-5492, CVSS 5.1, medium). Netscaler ADC and Netscaler Gateway 14.1-25.53, 13.1-53.17 and 13.0-92.31, Netscaler ADC FIPS 13.1-37.183 and 12.1-55.304, and Netscaler ADC NDcPP 12.1-55.304 close the vulnerabilities.
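Because the fixed builds for Netscaler Console (above) and for Netscaler ADC/Gateway in its standard, FIPS and NDcPP editions differ per branch, a quick way to triage a fleet is to compare each reported version string against the fixed-build table from the advisories. The following script is an added example, not a Citrix tool; the fixed-build table is transcribed from the two paragraphs above, while the accepted version-string formats ("NetScaler NS13.1: Build 53.15.nc, ..." as reported by `show ns version`, and the short "13.1-53.15" form used in advisories) and the edition names are assumptions of this example. The edition has to be supplied by the caller, because FIPS and standard builds share a branch number but run on different build trains.

```python
"""Check Netscaler version strings against the fixed builds named in the advisories.

Added example, not Citrix tooling. FIXED_BUILDS is transcribed from the article;
the version-string formats and edition names below are assumptions.
"""
import re
from typing import Optional, Tuple

# (edition, branch) -> first fixed build (minor, micro), as listed in the article.
FIXED_BUILDS = {
    ("adc-gateway", "14.1"): (25, 53),
    ("adc-gateway", "13.1"): (53, 17),
    ("adc-gateway", "13.0"): (92, 31),
    ("adc-fips", "13.1"): (37, 183),
    ("adc-fips", "12.1"): (55, 304),
    ("adc-ndcpp", "12.1"): (55, 304),
    ("console", "14.1"): (25, 53),
    ("console", "13.1"): (53, 22),
    ("console", "13.0"): (92, 31),
}

# Assumed formats: long form as printed by `show ns version`, short form as in advisories.
_LONG = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")
_SHORT = re.compile(r"^\s*(\d+\.\d+)-(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[str, int, int]]:
    """Return (branch, minor, micro) from either accepted form, or None if unparseable."""
    m = _LONG.search(text) or _SHORT.match(text)
    if not m:
        return None
    return m.group(1), int(m.group(2)), int(m.group(3))


def assess(edition: str, text: str) -> str:
    """Classify a version string for the given edition.

    Returns one of: "patched", "vulnerable", "no-fix-listed" (branch/edition
    combination not named in the advisory, e.g. an end-of-life branch or the
    wrong edition), or "unparseable".
    """
    parsed = parse_version(text)
    if parsed is None:
        return "unparseable"
    branch, minor, micro = parsed
    fixed = FIXED_BUILDS.get((edition, branch))
    if fixed is None:
        return "no-fix-listed"
    # Tuple comparison: a later minor build (e.g. 54.x) is newer than 53.17 regardless of micro.
    return "patched" if (minor, micro) >= fixed else "vulnerable"


# Constructed sample inventory (hostnames and versions are invented for the example).
SAMPLE_INVENTORY = [
    ("gw-edge-01", "adc-gateway", "NetScaler NS13.1: Build 53.15.nc, Date: Jan 1 2024, 00:00:00"),
    ("gw-edge-02", "adc-gateway", "NetScaler NS14.1: Build 25.56.nc, Date: Jan 1 2024, 00:00:00"),
    ("gw-fips-01", "adc-fips", "13.1-37.183"),
    ("gw-ndcpp-01", "adc-ndcpp", "12.1-55.300"),
    ("gw-legacy-01", "adc-gateway", "12.1-65.39"),
    ("console-01", "console", "14.1-25.53"),
    ("console-02", "console", "13.1-53.17"),
]


def triage(inventory=SAMPLE_INVENTORY):
    """Return {hostname: verdict} for an inventory of (host, edition, version) tuples."""
    return {host: assess(edition, version) for host, edition, version in inventory}


if __name__ == "__main__":
    for host, verdict in triage().items():
        print(f"{host:14} {verdict}")
```

Note the console-02 row: 13.1-53.17 is the fixed Netscaler ADC build on that branch but not the fixed Console build (13.1-53.22), so it is reported as vulnerable; the same string assessed as "adc-gateway" would count as patched.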

Further medium-severity vulnerabilities affect Citrix Workspace app for HTML5 and Citrix Provisioning. In the past, attackers have typically exploited vulnerabilities in Citrix products within a short time, so admins should install the updated software promptly.

IT managers last had to close security gaps in Citrix software in May. At that time, they had to manually install an update for the SSH tool PuTTY to patch a vulnerability in XenCenter for Citrix Hypervisor.

(dmk)