Citrix has recently fixed critical and high severity vulnerabilities in its NetScaler product. These security updates address issues such as improper authorization, improper restriction of operations within memory-buffer bounds, and privilege management flaws that could have serious consequences if exploited by attackers. The most serious vulnerability, tracked as CVE-2024-6235, allows attackers with access to the NetScaler console IP to obtain sensitive information, while another flaw, CVE-2024-6236, could result in denial of service. These vulnerabilities have been patched in various versions of NetScaler Console and NetScaler Agent.
In addition to these issues, Citrix also addressed vulnerabilities in the Workspace app for Windows and the Virtual Delivery Agent for Windows. The vulnerability in the Workspace app, identified as CVE-2024-6286, could lead to local privilege escalation, giving attackers SYSTEM privileges. The flaw in the Virtual Delivery Agent for Windows (CVE-2024-6151) involves incorrect privilege management, which could be exploited by local attackers to gain SYSTEM privileges.
Citrix has not specified if any of these vulnerabilities have been exploited in actual attacks, but has released security updates to mitigate the risks they pose. The US cybersecurity agency CISA has also issued an alert regarding these vulnerabilities, warning that cybercriminals could potentially exploit them to compromise systems.
For the latest updates on security issues, you can follow Pierluigi Paganini on Twitter (@securitymatters), Facebook, and Mastodon. Stay informed and protected against hacking and cyber threats.
Article Source
https://securityaffairs.com/165553/security/citrix-fixed-netscaler-flaw.html?amp