Citrix released security updates to address critical and high-severity issues in its NetScaler product.
The most severe issue is an improper authorization flaw, tracked as CVE-2024-6235 (CVSS score of 9.4). An attacker with access to the NetScaler Console IP can exploit the vulnerability to access sensitive information.
The company also fixed an Improper Restriction of Operations within the Bounds of a Memory Buffer issue tracked as CVE-2024-6236. Successful exploitation of the vulnerability can trigger a denial of service condition.
NetScaler Console and NetScaler Agent versions 14.1-25.53, 13.1-53.22, and 13.0-92.31, and NetScaler SVM versions 14.1-25.53, 13.1-53.17, and 13.0-92.31, address both issues.
The company also fixed an Improper Privilege Management issue in Workspace App for Windows, tracked as CVE-2024-6286, that can lead to local privilege escalation. An attacker can trigger the issue to gain SYSTEM privileges.
The company also fixed a vulnerability, tracked as CVE-2024-6151, that impacts Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS. The issue is an Improper Privilege Management flaw that a local attacker can exploit to gain SYSTEM privileges.
Citrix did not reveal whether any of these issues has been exploited in attacks in the wild.
The complete list of vulnerabilities addressed by the company is available here.
The US cybersecurity agency CISA also issued an alert on the vulnerabilities addressed by Citrix.
“Citrix released security updates to address vulnerabilities in multiple Citrix products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.” states CISA.
Pierluigi Paganini
(SecurityAffairs – hacking, CISA)