Citrix advises administrators to manually address PuTTY SSH client bug

Citrix recently informed its customers about a security vulnerability in the PuTTY SSH client that could potentially allow attackers to steal a XenCenter administrator’s private SSH key. XenCenter is a tool used to manage Citrix Hypervisor environments from a Windows desktop, allowing users to deploy and monitor virtual machines.

The vulnerability, tracked as CVE-2024-31497, affects multiple versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR, which utilize PuTTY to establish SSH connections. Citrix has addressed this issue by removing the third-party PuTTY component in XenCenter 8.2.6 and subsequent versions. This change aims to prevent attackers from exploiting the vulnerability to gain access to administrator SSH keys.

The vulnerability was discovered and reported by Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum. It stems from how previous versions of PuTTY generate ECDSA nonces for authentication, specifically for the NIST P-521 curve.
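Why nonce generation matters on this curve, as an added illustration (not PuTTY's code and not taken from the Citrix advisory): it assumes a simplified derivation in which the nonce is a 512-bit SHA-512 digest reduced modulo the 521-bit P-521 group order, and compares that with uniform sampling. The function names and the throwaway secret are constructed for this example.

```python
import hashlib
import secrets

# Order q of the NIST P-521 base point: a 521-bit prime (9 + 16*32 bits).
P521_ORDER = int(
    "01FF" + "FFFFFFFF" * 7 + "FFFFFFFA"
    "51868783" "BF2F966B" "7FCC0148" "F709A5D0"
    "3BB5C9B8" "899C47AE" "BB6FB71E" "91386409", 16)

DIGEST_BITS = 512  # SHA-512 output size, 9 bits short of the group order


def digest_nonce(secret: bytes, message: bytes) -> int:
    """Assumed, simplified scheme: one SHA-512 digest reduced mod q.

    The digest is below 2**512 < q, so the reduction changes nothing and
    the top 9 bits of every nonce are zero.
    """
    digest = hashlib.sha512(secret + message).digest()
    return int.from_bytes(digest, "big") % P521_ORDER


def uniform_nonce() -> int:
    """Nonce drawn uniformly from [1, q-1], which a sound scheme must match."""
    return secrets.randbelow(P521_ORDER - 1) + 1


def high_bits_set(nonces) -> int:
    """Count nonces that use any bit above position 511."""
    return sum(1 for k in nonces if k >> DIGEST_BITS)


def survey(samples: int = 2000):
    """Return (digest-derived, uniform) counts of nonces using the top 9 bits."""
    secret = secrets.token_bytes(66)  # constructed throwaway value, not a real key
    derived = [digest_nonce(secret, i.to_bytes(4, "big")) for i in range(samples)]
    uniform = [uniform_nonce() for _ in range(samples)]
    return high_bits_set(derived), high_bits_set(uniform)


if __name__ == "__main__":
    derived, uniform = survey()
    print(f"digest-derived nonces using the top 9 bits: {derived}")
    print(f"uniform nonces using the top 9 bits:        {uniform}")
```

A uniform nonce leaves the top 9 bits clear only about once in 512 draws, so a run of signatures in which they are always clear is a measurable, systematic bias rather than chance.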

To mitigate the vulnerability, administrators are advised to download the latest version of PuTTY and install it separately from the version included in previous XenCenter releases. Additionally, users who do not require the ‘Open SSH Console’ functionality can opt to remove the PuTTY component entirely. Those who wish to continue using PuTTY should update to version 0.81 or later.

In a separate incident in January, Citrix dealt with vulnerabilities in Citrix NetScaler, including the CVE-2023-6548 code injection and CVE-2023-6549 buffer overflow flaws. These vulnerabilities were actively exploited as zero-days, prompting the Cybersecurity and Infrastructure Security Agency (CISA) to issue a directive for US federal agencies to patch their systems promptly.

Furthermore, a critical NetScaler flaw known as Citrix Bleed (CVE-2023-4966) was also exploited as a zero-day by malicious actors targeting government organizations and technology companies like Boeing. This vulnerability was later patched in October after posing a significant risk to sensitive data.

The Health Sector Cybersecurity Coordination Center also issued an alert to healthcare organizations urging them to protect their NetScaler ADC and NetScaler Gateway instances from potential ransomware attacks. This heightened focus on cybersecurity underscores the importance of promptly addressing software vulnerabilities to safeguard critical infrastructure and sensitive data.

Article Source
https://www.bleepingcomputer.com/news/security/citrix-warns-admins-to-manually-mitigate-putty-ssh-client-bug/