May 5, 2024

Citrix has released patch to address a critical vulnerability, tracked as CVE-2023-24492 with a CVSS score of 9.6, affecting the Secure Access client for Ubuntu that could be exploited to achieve remote code execution.

An attacker can trigger the vulnerability by tricking the victim into opening a specially crafted link and accepting further prompts.

The vulnerability affects versions of Citrix Secure Access client for Ubuntu before 23.5.2. The issue has been addressed in 23.5.2 and later releases.

Advertisements

Citrix also releases patches for a high-severity elevation of privilege vulnerability in the Secure Access client for Windows.

Tracked as CVE-2023-24491 with a CVSS score of 7.8, the issue allows an attacker with access to an endpoint with Standard User Account and a vulnerable client to elevate privileges to that of NT Authority\System.

The vulnerability has been resolved with the release of Secure Access client for Windows version 23.5.1.3.

The vulnerability was reported by Rilke Petrosky of F2TC Cyber Security.

The advisory did not reveal if the vulnerability has been actively exploited by threat actors in the wild.

Citrix customers are advised to update their installations as soon as possible by replacing the vulnerable client on the Citrix ADC or Gateway if it is distributed via the SSL VPN upgrade control feature of ADC or Gateway

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone Security Week In Review – May 04, 2024

May 4, 2024

Microsoft initiative in response to CSRB

May 4, 2024

Aruba fixes several Critical Vulnerabilities

May 3, 2024

Dropbox suffers a Data Breach

May 3, 2024

Gitlab CVE-2023-7028 added to CISA KEV Catalog

May 2, 2024

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – April, 2024

May 1, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading