Security Alerts

Severity Level: High 

Title: 

Security Updates- Citrix Products

Summary:

1. NetScaler ADC and NetScaler Gateway:

• CVE-2024-8534- CVSS v4.0 Base Score: 8.4- Memory safety vulnerability leading to memory corruption and Denial of Service

• CVE-2024-8535- CVSS v4.0 Base Score: 5.8- Authenticated user can access unintended user capabilities

Affected Versions:

• NetScaler ADC and NetScaler Gateway 14.1 – before version 14.1-29.72

• NetScaler ADC and NetScaler Gateway 13.1 – before version 13.1-55.34

• NetScaler ADC 13.1-FIPS – before version 13.1-37.207

• NetScaler ADC 12.1-FIPS – before version 12.1-55.321

• NetScaler ADC 12.1-NDcPP – before version 12.1-55.321

Fixed Versions:

• NetScaler ADC and NetScaler Gateway 14.1-29.72 and later releases

• NetScaler ADC and NetScaler Gateway 13.1-55.34 and later releases of 13.1

• NetScaler ADC 13.1-FIPS 13.1-37.207 and later releases of 13.1-FIPS

• NetScaler ADC 12.1-FIPS 12.1-55.321 and later releases of 12.1-FIPS

• NetScaler ADC 12.1-NDcPP 12.1-55.321 and later releases of 12.1-NDcPP

2. Citrix Session Recording:

• CVE-2024-8068- CVSS v4.0 Base Score: 5.1- Privilege escalation to NetworkService Account access- Attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain

• CVE-2024-8069- CVSS v4.0 Base Score: 5.1- Limited remote code execution with privilege of a NetworkService Account access- Attacker must be an authenticated user on the same intranet as the session recording server

Affected Versions:

• Citrix Virtual Apps and Desktops before 2407 hotfix 24.5.200.8

• Citrix Virtual Apps and Desktops 1912 LTSR before CU9 hotfix 19.12.9100.6

• Citrix Virtual Apps and Desktops 2203 LTSR before CU5 hotfix 22.03.5100.11

• Citrix Virtual Apps and Desktops 2402 LTSR before CU1 hotfix 24.02.1200.16

Fixed Versions:

• Citrix Virtual Apps and Desktops 2407 hotfix 24.5.200.8 and later

• Citrix Virtual Apps and Desktops 1912 LTSR CU9 hotfix 19.12.9100.6 and later

• Citrix Virtual Apps and Desktops 2203 LTSR CU5 hotfix 22.03.5100.11 and later

• Citrix Virtual Apps and Desktops 2402 LTSR CU1 hotfix 24.02.1200.16 and later

 

Recommendations:

Upgrade the affected versions to the fixed versions at the earliest.
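
To find which NetScaler appliances still need the upgrade, the following added example (not part of the original alert and not Citrix code) classifies build strings against the NetScaler fixed versions listed in section 1. The edition labels `standard`, `FIPS` and `NDcPP`, the function names and the sample inventory are assumptions made for illustration.

```python
import re

# First fixed build per branch, copied from the "Fixed Versions" list in section 1.
# Keys are (release, edition); the edition labels are this example's own convention.
FIXED = {
    ("14.1", "standard"): (29, 72),
    ("13.1", "standard"): (55, 34),
    ("13.1", "FIPS"): (37, 207),
    ("12.1", "FIPS"): (55, 321),
    ("12.1", "NDcPP"): (55, 321),
}

BUILD_RE = re.compile(r"(\d+\.\d+)-(\d+)\.(\d+)")


def check_build(build, edition="standard"):
    """Classify a build such as '13.1-55.34' as 'fixed', 'affected' or 'unknown'."""
    m = BUILD_RE.fullmatch(build.strip())
    if m is None:
        raise ValueError(f"unrecognised build string: {build!r}")
    release = m.group(1)
    current = (int(m.group(2)), int(m.group(3)))
    fixed = FIXED.get((release, edition))
    if fixed is None:
        return "unknown"  # branch is not listed in the alert; check it separately
    # Compare numerically: as plain text, "55.9" would sort after "55.34".
    return "fixed" if current >= fixed else "affected"


def audit(inventory):
    """Map each hostname to its status; rows are (host, build, edition)."""
    return {host: check_build(build, edition) for host, build, edition in inventory}


# Constructed sample inventory; hostnames and builds are made up for illustration.
SAMPLE = [
    ("adc-a.example.internal", "14.1-29.72", "standard"),
    ("adc-b.example.internal", "13.1-55.9", "standard"),
    ("adc-c.example.internal", "13.1-37.176", "FIPS"),
    ("adc-d.example.internal", "13.0-92.21", "standard"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

The edition has to be supplied alongside the build because the 13.1-FIPS branch uses lower build numbers than standard 13.1, so comparing a standard build against the FIPS threshold would wrongly report it as fixed.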
