Citrix recently informed its customers about a vulnerability in the PuTTY SSH client that could potentially allow attackers to access a XenCenter administrator’s private SSH key. XenCenter is a tool used to manage Citrix Hypervisor environments from a Windows desktop, facilitating tasks such as deploying and monitoring virtual machines.
The security flaw, known as CVE-2024-31497, affects multiple versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR that utilize PuTTY for SSH connections. Citrix has addressed this issue by removing the third-party PuTTY component starting with XenCenter 8.2.6, with future versions no longer including it.
The vulnerability, discovered and reported by Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum, is related to how previous versions of PuTTY generate ECDSA nonces for authentication. Citrix has advised administrators to mitigate the risk by downloading and installing the latest version of PuTTY or by removing the PuTTY component entirely if not needed.
In a security advisory, Citrix explained that customers can replace the installed version of PuTTY with an updated one (version 0.81 or later) to maintain their current usage. Additionally, the company recommended that customers who do not require the ‘Open SSH Console’ functionality remove the PuTTY component altogether.
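The version check behind that advice can be scripted. The PowerShell below is an added example, not code from Citrix or the original article: it finds every `putty.exe` under a search root and compares it with the fixed release, 0.81. The search root is a placeholder to be replaced with the actual XenCenter install directory, and the script assumes that release builds of PuTTY carry the release number in the numeric file-version resource.

```powershell
# Added example: audit PuTTY binaries against the fixed release named in the advisory (0.81).
param(
    # Assumption: placeholder root; point this at the XenCenter install directory.
    [string[]]$SearchRoot = @('C:\Path\To\XenCenter')
)

$FixedVersion = [version]'0.81'

function Get-PuttyStatus {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    $info = $File.VersionInfo
    # Assumption: release builds carry the release number in the numeric file version.
    $found = [version]::new($info.FileMajorPart, $info.FileMinorPart)

    $status = if ($found -eq [version]'0.0') {
        'UNKNOWN'      # no usable version resource (e.g. a snapshot build); check manually
    } elseif ($found -lt $FixedVersion) {
        'VULNERABLE'   # older than 0.81: replace or remove
    } else {
        'OK'
    }

    [pscustomobject]@{
        Path    = $File.FullName
        Version = $found.ToString()
        Product = $info.ProductVersion
        Status  = $status
    }
}

$results = foreach ($root in $SearchRoot) {
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Warning "Search root not found: $root"
        continue
    }
    Get-ChildItem -LiteralPath $root -Filter 'putty.exe' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object { Get-PuttyStatus -File $_ }
}

$results | Format-Table -AutoSize
# Non-zero exit code when anything still needs attention, for use in scheduled checks.
if ($results | Where-Object Status -ne 'OK') { exit 1 }
```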
This incident comes after previous security concerns with Citrix products, including the urgent patching of Citrix Netscaler vulnerabilities by US federal agencies earlier this year. Citrix had warned about code injection and buffer overflow vulnerabilities that were actively exploited as zero-day threats. Another critical Netscaler flaw, known as Citrix Bleed (CVE-2023-4966), was also exploited by threat actors targeting government organizations and technology companies like Boeing before being patched.
The Health Sector Cybersecurity Coordination Center issued a sector alert urging healthcare organizations to protect their NetScaler ADC and NetScaler Gateway instances from ransomware attacks, emphasizing the importance of securing Citrix products in the face of increasing cyber threats.
Overall, Citrix’s response to the PuTTY SSH client vulnerability demonstrates the company’s commitment to addressing security issues promptly and proactively, reflecting the ongoing challenge of maintaining cybersecurity in an evolving threat landscape. By taking swift action to mitigate risks and educate customers about potential vulnerabilities, Citrix aims to strengthen the security posture of its products and protect organizations from potential cyber threats.
Article Source
https://www.bleepingcomputer.com/news/security/citrix-warns-admins-to-manually-mitigate-putty-ssh-client-bug/