Citrix has recently identified a critical vulnerability (CVE-2024-31497) in certain versions of its Citrix Hypervisor virtualization platform. This vulnerability is associated with the use of a vulnerable version of the PuTTY SSH client in XenCenter, the management console for Citrix Hypervisor.
The affected versions of XenCenter, those prior to 8.2.6 in the Citrix Hypervisor 8.2 CU1 Long Term Service Release (LTSR), bundled PuTTY to provide SSH connections from XenCenter to guest virtual machines. Versions of PuTTY prior to 0.81 contained a flaw in how they generated ECDSA keys on the NIST P-521 curve. An attacker who controls a guest virtual machine could exploit this flaw to recover the SSH private key of a XenCenter administrator who uses that key for SSH authentication to the compromised virtual machine.
If exploited, the recovered private key could grant unauthorized access to any other systems and services that accept the same key. Compromised keys could also enable supply chain attacks if the key is used with services such as Git that host software source code. The PuTTY vulnerability is not limited to Citrix Hypervisor: other products that bundle the affected PuTTY versions, including FileZilla, WinSCP, TortoiseGit, and TortoiseSVN, are also impacted.
To address this risk, Citrix has ceased the inclusion of PuTTY in XenCenter starting with version 8.2.6 for Citrix Hypervisor 8.2 CU1 LTSR. Future versions, starting from 8.2.7, will no longer include PuTTY. Customers are advised to upgrade PuTTY to version 0.81 or later if they wish to continue using the SSH console functionality in XenCenter.
Citrix strongly recommends that all customers subscribe to security bulletin alerts and treat any potential vulnerability seriously. The PuTTY vulnerability has been assigned a CVSS severity score of 5.9. Customers running affected versions of XenCenter with PuTTY are urged to update PuTTY promptly, or to remove it if the SSH console functionality is not needed.
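Two checks follow from the guidance above: is the installed PuTTY older than the fixed release 0.81, and which SSH keys are of the affected type (ECDSA on NIST P-521, key type `ecdsa-sha2-nistp521`) and should therefore be treated as potentially exposed. The following Python script is an added example, not code from the article or from Citrix; it compares PuTTY version strings against 0.81 and scans authorized_keys-style data for keys of the affected type. The key blobs and the sample authorized_keys content are constructed placeholders, not real keys.

```python
"""
Added triage helper (not part of the original article).
1. putty_is_vulnerable(): is a PuTTY version string older than the fixed 0.81?
2. flag_affected_keys(): which entries in authorized_keys-style data are
   ecdsa-sha2-nistp521 keys, the type affected by CVE-2024-31497?
All sample data below is constructed for illustration.
"""
import base64
import struct
from typing import List, Optional, Tuple

AFFECTED_KEY_TYPE = "ecdsa-sha2-nistp521"
FIXED_PUTTY_VERSION = (0, 81)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '0.80' into a comparable tuple of ints."""
    return tuple(int(part) for part in version.strip().split("."))


def putty_is_vulnerable(version: str) -> bool:
    """True when the given PuTTY version predates the 0.81 fix."""
    return parse_version(version) < FIXED_PUTTY_VERSION


def key_type_from_blob(b64: str) -> str:
    """Read the key type embedded in an SSH public key blob.
    The blob starts with a 4-byte big-endian length followed by the type string."""
    blob = base64.b64decode(b64)
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")


def _constructed_blob(key_type: str) -> str:
    """Build a minimal base64 blob whose first field is key_type.
    This is a constructed placeholder for the example, NOT a real public key."""
    body = struct.pack(">I", len(key_type)) + key_type.encode("ascii")
    body += struct.pack(">I", 4) + b"none"  # placeholder for the remaining key fields
    return base64.b64encode(body).decode("ascii")


def _find_key_type_index(parts: List[str]) -> Optional[int]:
    """authorized_keys lines may carry leading options (e.g. from="..."),
    so locate the token that names the key type."""
    for i, token in enumerate(parts):
        if token.startswith(("ssh-", "ecdsa-", "sk-")):
            return i
    return None


def flag_affected_keys(authorized_keys: str) -> List[Tuple[int, str]]:
    """Return (line number, comment) for every key of the affected type.
    Both the declared type token and the type embedded in the blob must match,
    so a mislabelled line is not reported on the label alone."""
    findings: List[Tuple[int, str]] = []
    for lineno, raw in enumerate(authorized_keys.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        idx = _find_key_type_index(parts)
        if idx is None or idx + 1 >= len(parts):
            continue
        declared, blob = parts[idx], parts[idx + 1]
        try:
            embedded = key_type_from_blob(blob)
        except (ValueError, struct.error, UnicodeDecodeError):
            continue  # malformed blob; skip rather than guess
        if declared == AFFECTED_KEY_TYPE and embedded == AFFECTED_KEY_TYPE:
            comment = " ".join(parts[idx + 2:]) or "(no comment)"
            findings.append((lineno, comment))
    return findings


# Constructed sample authorized_keys content (host names and comments are made up).
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample, not a real authorized_keys file",
    f"ecdsa-sha2-nistp521 {_constructed_blob('ecdsa-sha2-nistp521')} admin@xencenter-host",
    f"ssh-ed25519 {_constructed_blob('ssh-ed25519')} ops@jumpbox",
    f'from="10.0.0.0/8" ecdsa-sha2-nistp521 {_constructed_blob("ecdsa-sha2-nistp521")} backup@vm-42',
    f"ecdsa-sha2-nistp256 {_constructed_blob('ecdsa-sha2-nistp256')} dev@laptop",
])


if __name__ == "__main__":
    for ver in ("0.76", "0.80", "0.81"):
        status = "VULNERABLE" if putty_is_vulnerable(ver) else "fixed"
        print(f"PuTTY {ver}: {status}")
    for lineno, comment in flag_affected_keys(SAMPLE_AUTHORIZED_KEYS):
        print(f"line {lineno}: {AFFECTED_KEY_TYPE} key ({comment}) should be reviewed and rotated")
```

Only P-521 ECDSA keys are flagged; Ed25519 and P-256 entries pass through untouched, since the article describes the flaw as specific to the NIST P-521 curve. A key flagged here is only a candidate for rotation if it was ever used from a PuTTY older than 0.81 to authenticate to a host an attacker could control.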
Customers using XenCenter versions for the newer XenServer 8 hypervisor are not affected: PuTTY has never been included in those versions.
Overall, it is crucial for organizations to stay vigilant about security vulnerabilities and take appropriate measures to secure their systems and networks. It is also recommended to update software regularly and adopt security best practices to prevent potential cyber attacks and data breaches.
Article Source
https://cybersecuritynews.com/citrix-putty-hypervisor-security-update/