Citrix recently informed its customers about a vulnerability in the PuTTY SSH client that could potentially allow attackers to steal a XenCenter administrator’s private SSH key. XenCenter is a tool used to manage Citrix Hypervisor environments from a Windows desktop and is responsible for tasks like monitoring and deploying virtual machines.
This security flaw, identified as CVE-2024-31497, impacts multiple versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR, which utilize PuTTY for SSH connections. Citrix has removed the third-party PuTTY component starting with XenCenter 8.2.6 and will not include it in versions after 8.2.7. The vulnerability was discovered and reported by Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum, and is related to how previous versions of PuTTY generate ECDSA nonces.
To mitigate the vulnerability, Citrix recommends that administrators download the latest version of PuTTY and install it instead of the previous version included with XenCenter. Alternatively, users can remove the PuTTY component entirely if they do not use the ‘Open SSH Console’ functionality. Customers who wish to continue using PuTTY must replace the installed version with an updated one with a version number equal to or higher than 0.81.
Earlier this year, CISA directed US federal agencies to address two zero-day vulnerabilities in Citrix Netscaler, CVE-2023-6548 and CVE-2023-6549, following an advisory from Citrix about active exploitation. Another critical Netscaler flaw, known as CVE-2023-4966 or Citrus Bleeding, had also been exploited by various hacking groups to target government entities and technology companies like Boeing before being patched in October.
In response to the increasing ransomware threats, the Health Sector Cybersecurity Coordination Center released an alert advising healthcare organizations to secure their NetScaler ADC and NetScaler Gateway instances against potential attacks. It is crucial for organizations to stay vigilant and prioritize cybersecurity measures to safeguard their systems and data.
Article Source
https://www.bleepingcomputer.com/news/security/citrix-warns-admins-to-manually-mitigate-putty-ssh-client-bug/amp/