Vulnerability in Citrix NetScaler Exposes Sensitive Data to Attackers

Citrix has revealed two critical vulnerabilities in its NetScaler products, posing risks of sensitive data exposure and denial of service attacks. Citrix users are urged to update their systems to address the vulnerabilities, identified as CVE-2024-6235 and CVE-2024-6236. CVE-2024-6235 involves authentication misuse, potentially divulging sensitive information, with a severity score of 9.4. Exploiting …

Significant Citrix NetScaler Vulnerability Enables Attackers to Obtain Confidential Data

Citrix has disclosed two critical vulnerabilities affecting its NetScaler products, including the NetScaler Console, SVM, and Agent. These vulnerabilities, identified as CVE-2024-6235 and CVE-2024-6236, could potentially allow attackers to access sensitive information and launch denial of service (DoS) attacks. The urgency of the situation has led to calls for immediate updates from Citrix to mitigate …

Attackers can bypass authentication on VMware ESXi due to vulnerability

VMware has disclosed three critical vulnerabilities in its ESXi hypervisor that could allow attackers to bypass authentication mechanisms. These vulnerabilities, identified as CVE-2024-37085, CVE-2024-37086, and CVE-2024-37087, pose significant risks to organizations utilizing VMware ESXi in their virtualized environments. The vulnerabilities impact the authentication processes within VMware ESXi, potentially enabling unauthorized access to the system. CVE-2024-37085 …

Citrix alerts of vulnerabilities in Netscaler being exploited by attackers

Citrix has warned its customers to promptly patch Netscaler ADC and Gateway appliances against two zero-day vulnerabilities that are being actively exploited. The vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, can lead to remote code execution and denial-of-service attacks on unpatched Netscaler instances. Attackers need to log in to low-privileged accounts on the target instance and …

Critical vulnerabilities in VMware patched to prevent attackers from escaping virtual machines

VMware released security patches to fix vulnerabilities in the USB controllers of various hypervisors, including ESXi, Workstation, Fusion, and Cloud Foundation. These vulnerabilities could allow attackers to execute malicious code on the host system, bypassing the isolation layer. Previous exploits in VM products have been used by attacker groups to deploy ransomware. The security patches …

Citrix Workspace App Vulnerability Allows Attackers to Escalate Privileges from Local User to Root User

A critical security vulnerability has been discovered in Citrix Workspace app for Mac, posing a serious risk to users and organizations relying on the software. Tracked as CVE-2024-5027, the flaw allows an attacker to escalate their privileges from a local authenticated user to a root user, potentially leading to system compromise and data loss. The …

Cisco Finesse Exposes Vulnerabilities Allowing Attackers to Execute Stored XSS Attacks

Cisco has disclosed two vulnerabilities in its Finesse web-based management interface which could allow remote attackers to conduct a stored cross-site scripting attack. The vulnerabilities, identified as CVE-2024-20404 and CVE-2024-20405, involve a remote file inclusion vulnerability and a server-side request forgery attack. These vulnerabilities have a security impact rating of Medium, as they provide limited …

Vulnerability in Citrix NetScaler ADC & Gateway Allows Attackers to Remotely Access Sensitive Data

A security vulnerability has been identified in Citrix NetScaler ADC and Gateway appliances, allowing remote attackers to access sensitive data without authentication. This flaw, known as an out-of-bounds memory read issue, affects software versions up to 13.1-50.23 and has been compared to the previously known CitrixBleed vulnerability, though it is considered less serious in terms …