Citrix Addresses Critical and High-Severity Bugs in NetScaler Product

July 10, 2024

Citrix has released security patches to fix critical and high-severity vulnerabilities in its NetScaler product. The most severe of these is an incorrect authorization flaw (CVE-2024-6235) with a CVSS score of 9.4. Any attacker with access to the NetScaler Console IP could exploit this vulnerability to gain access to confidential data.

Citrix has also addressed an issue of improper restriction of operations within a memory buffer (CVE-2024-6236). If exploited successfully, this vulnerability could lead to a denial of service condition. The affected NetScaler Console and NetScaler Agent versions, as well as NetScaler SVM versions, have received updates to rectify these issues.

In addition, Citrix has resolved an issue of improper privilege management in Workspace App for Windows (CVE-2024-6286). This flaw could lead to local privilege escalation, allowing an attacker to gain SYSTEM privileges.

Another vulnerability that Citrix has addressed is one that impacts the Virtual Delivery Agent for Windows, used by Citrix Virtual Apps and Desktops and Citrix DaaS (CVE-2024-6151). This is also an issue of improper privilege management, and a local attacker could exploit this flaw to gain SYSTEM privileges.

Citrix has not disclosed whether any of these vulnerabilities have been exploited in real-world attacks. The US cybersecurity agency CISA has issued an alert regarding the vulnerabilities that Citrix has addressed. "Citrix released security updates to address vulnerabilities in multiple Citrix products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system," CISA stated.
