Citrix Addresses Critical and High-Severity Bugs in NetScaler Product
July 10, 2024
Citrix has released security patches for critical- and high-severity vulnerabilities in its NetScaler products. The most severe is an improper authorization flaw (CVE-2024-6235) in NetScaler Console with a CVSS score of 9.4. Its only prerequisite is network access to the NetScaler Console IP: an attacker who can reach that address could exploit the flaw to obtain sensitive information. Because the prerequisite is reachability rather than credentials, restricting which networks can reach the Console's management address is the compensating control until the patch is applied.
Citrix has also addressed an improper restriction of operations within the bounds of a memory buffer (CVE-2024-6236). Successful exploitation could cause a denial of service. The affected NetScaler Console, NetScaler Agent and NetScaler SVM versions have received updates for both issues.
In addition, Citrix has resolved an improper privilege management issue in Citrix Workspace App for Windows (CVE-2024-6286). A local attacker could exploit this flaw to escalate privileges to SYSTEM.
Citrix has also fixed a vulnerability in the Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS (CVE-2024-6151). This is likewise an improper privilege management issue, and a local attacker could exploit it to gain SYSTEM privileges.
Citrix has not disclosed whether any of these vulnerabilities have been exploited in the wild. The US cybersecurity agency CISA has issued an alert on the fixes. "Citrix released security updates to address vulnerabilities in multiple Citrix products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system," CISA stated.