Citrix fixes major security flaws across a number of services

Citrix has released a patch for a set of high-severity vulnerabilities that affect a number of offerings, the company confirmed in a security bulletin earlier this week.
Given the severity of the flaws, the prevalence of the tools in question, and the fact that there are no workarounds or other mitigations, the company said it was essential that affected organizations apply the fix immediately.
The US Cybersecurity and Infrastructure Security Agency (CISA) also weighed in, issuing an alert of its own, urging Citrix customers not to hold back with updates, BleepingComputer found.
5 flaws
There are a total of five vulnerabilities addressed in the patch: CVE-2023-24483 (allows privilege escalation), CVE-2023-24484 (allows access to log files that would otherwise be out of reach for regular users), CVE-2023-24485 (allows privilege escalation), CVE-2023-24486 (allows session takeover), and CVE-2023-24483 (allows privilege escalation to NT AUTHORITY\SYSTEM).
This final flaw is the most serious of all, giving potential threat actors a way to execute arbitrary code, obtain important documents, and modify the target endpoint system.
The tools affected by these flaws are Citrix Virtual Apps and Desktops and Workspace app, specifically these versions:
- Citrix Virtual Apps and Desktops 2212 and later versions
- Citrix Virtual Apps and Desktops 2203 LTSR CU2 and later cumulative updates
- Citrix Virtual Apps and Desktops 1912 LTSR CU6 and later cumulative updates
- Citrix Workspace app 2212 and later
- Citrix Workspace app 2203 LTSR CU2 and later cumulative updates
- Citrix Workspace app 1912 LTSR CU7 Hotfix 2 (19.12.7002) and later cumulative updates
- Citrix Workspace app for Linux 2302 and later
“Citrix strongly recommends that customers upgrade to a fixed version as soon as possible,” the company said in its security bulletin.
Since there are no mitigations or workarounds for these flaws, the only way to stay safe is to install the patches, the company added.
Via: BleepingComputer