- 108/2023
- Medium
Citrix has released security updates to address several vulnerabilities in Citrix ADC and Citrix Gateway.
The addressed vulnerabilities could allow the remote attacker to gain unauthorized access to the system, or perform a cross-site scripting attack to steal the victim’s cookie-based authentication credentials.
The addressed vulnerabilities:
1. Citrix ADC and Gateway Unauthorized Access (CVE-2023-24487):
- CVSS: 6.3
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Citrix ADC and Gateway Cross-Site Scripting (CVE-2023-24488):
- CVSS: 6.1
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Cross-Site Scripting
The affected versions of Citrix ADC and Citrix Gateway:
- Citrix ADC and Citrix Gateway 13.1 before 13.1-45.61.
- Citrix ADC and Citrix Gateway 13.0 before 13.0-90.11.
- Citrix ADC and Citrix Gateway 12.1 before 12.1-65.35.
- Citrix ADC 12.1-FIPS before 12.1-55.296.
- Citrix ADC 12.1-NDcPP before 12.1-55.296.
Vulnerabilities
- CVE-2023-24487
- CVE-2023-24488
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.