- 199/2024
- Critical
Citrix has released security updates to address several vulnerabilities across multiple Citrix products.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, gain privileges, obtain sensitive information, bypass security restrictions, or execute arbitrary code and gain access to the affected system by sending a specially crafted request.
Sample of the addressed vulnerabilities:
1. Citrix NetScaler Console Information Disclosure Vulnerability (CVE-2024-6235):
- CVSS: 9.4
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
2. Citrix Workspace App for Windows Privilege Escalation Vulnerability (CVE-2024-6286):
- CVSS: 8.5
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
The affected products:
- Citrix NetScaler ADC.
- Citrix Workspace App for Windows.
- Citrix Workspace App for HTML5.
- Citrix Provisioning.
- Citrix Virtual Apps and Desktops.
- NetScaler Console, NetScaler Agent, and NetScaler SVM.
- NetScaler ADC and NetScaler Gateway.
Vulnerabilities
- CVE-2024-5491
- CVE-2024-5492
- CVE-2024-6235
- CVE-2024-6236
- CVE-2024-6148
- CVE-2024-6149
- CVE-2024-6150
- CVE-2024-6151
- CVE-2024-6286
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.