Citrix fixed critical and high-severity bugs in NetScaler product

Pierluigi Paganini July 10, 2024

IT giant Citrix addressed multiple vulnerabilities, including critical and high-severity issues in its NetScaler product.

Citrix released security updates to address critical and high-severity vulnerabilities.

The most severe issue is an improper authorization flaw, tracked as CVE-2024-6235 (CVSS score of 9.4). An attacker with access to the NetScaler Console IP can exploit the vulnerability to access sensitive information.

The company also fixed an Improper Restriction of Operations within the Bounds of a Memory Buffer issue, tracked as CVE-2024-6236. Successful exploitation of the vulnerability can trigger a denial-of-service condition.

Both issues are addressed in NetScaler Console and NetScaler Agent versions 14.1-25.53, 13.1-53.22, and 13.0-92.31, and in NetScaler SVM versions 14.1-25.53, 13.1-53.17, and 13.0-92.31.
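As an added illustration (not code from the article or from Citrix), the following Python script checks an inventory of NetScaler Console, Agent and SVM builds against the fixed builds listed above. It assumes the version-string format `<major>.<minor>-<build>.<sub>` and uses a constructed sample inventory; builds on a release branch the advisory does not list are reported as unknown rather than treated as patched.

```python
"""Triage NetScaler Console/Agent/SVM builds against the fixed builds for
CVE-2024-6235 / CVE-2024-6236 (assumed format '<major>.<minor>-<build>.<sub>')."""
import re

# Minimum fixed build per product and release branch, as listed in the advisory.
FIXED_BUILDS = {
    "console": {"14.1": "25.53", "13.1": "53.22", "13.0": "92.31"},
    "agent":   {"14.1": "25.53", "13.1": "53.22", "13.0": "92.31"},
    "svm":     {"14.1": "25.53", "13.1": "53.17", "13.0": "92.31"},
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")

def parse_version(version: str):
    """Split '13.1-53.22' into branch '13.1' and build tuple (53, 22)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    major, minor, build, sub = m.groups()
    return f"{major}.{minor}", (int(build), int(sub))

def is_patched(product: str, version: str) -> bool:
    """True if the build is at or above the fixed build for its branch."""
    branch, build = parse_version(version)
    fixed = FIXED_BUILDS.get(product.lower(), {}).get(branch)
    if fixed is None:
        raise ValueError(f"no fixed build known for {product} branch {branch}")
    return build >= tuple(int(x) for x in fixed.split("."))

def triage(inventory):
    """Return (needs_patch, unknown): entries below the fixed build, and entries
    whose version or branch could not be evaluated (never silently skipped)."""
    needs_patch, unknown = [], []
    for host, product, version in inventory:
        try:
            if not is_patched(product, version):
                needs_patch.append((host, product, version))
        except ValueError:
            unknown.append((host, product, version))
    return needs_patch, unknown

# Constructed sample inventory (hostnames and builds are made up for illustration).
SAMPLE_INVENTORY = [
    ("console-01", "console", "13.1-53.22"),  # exactly the fixed build
    ("console-02", "console", "13.1-53.17"),  # below the fixed build
    ("agent-07",   "agent",   "14.1-25.56"),  # newer than the fixed build
    ("svm-03",     "svm",     "13.1-53.17"),  # fixed build for SVM, not Console
    ("svm-04",     "svm",     "13.0-92.19"),  # below the fixed build
    ("svm-05",     "svm",     "12.1-65.25"),  # branch not covered by the advisory
]
```

Note that the same build string can be patched for SVM and unpatched for Console (13.1-53.17), so the product must be matched, not just the number.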

The company also fixed an Improper Privilege Management issue in Workspace App for Windows, tracked as , that can lead to local privilege escalation. An attacker can trigger the issue to gain SYSTEM privileges.

The company also fixed a vulnerability, tracked as , that impacts the Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS. The issue is an Improper Privilege Management flaw; a local attacker can exploit it to gain SYSTEM privileges.

Citrix did not reveal whether any of these issues have been exploited in attacks in the wild.

The complete list of vulnerabilities addressed by the company is available .

The US cybersecurity agency CISA also issued an alert on the vulnerabilities addressed by Citrix.

“Citrix released security updates to address vulnerabilities in multiple Citrix products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.” states CISA.
