Black Arrow Cyber Advisory 16/02/2023 – Citrix Releases Security Updates Addressing Vulnerabilities in Workspace Apps, Virtual Apps and Desktops Products
Executive Summary
This week Citrix released security updates for vulnerabilities affecting its Workspace Apps, Virtual Apps and Desktops products. The vulnerabilities are tracked as CVE-2023-24483, CVE-2023-24484, CVE-2023-24485 and CVE-2023-24486.
What’s the risk to me or my business?
Successful exploitation of the vulnerabilities could allow an attacker to escalate privileges and permissions from a standard user to system level. An attacker could also take over another user's session and cause log files to be written to a directory that a standard user would not have permission to write to. For exploitation to succeed, the attacker requires local access as a standard user to the Virtual Desktop Application.
What can I do?
For organisations using vulnerable versions of Workspace Apps, Virtual Apps and Desktops products, it is strongly recommended to install the patched versions as soon as possible. The affected versions are listed below:
Citrix Virtual Apps and Desktops (CVE-2023-24483):
Current release versions before 2212
Long term service release (LTSR) versions 2203 LTSR before CU2
1912 LTSR before CU6
Citrix Workspace App for Windows (CVE-2023-24484 and CVE-2023-24485):
Citrix Workspace App versions before 2212
Citrix Workspace App 2203 LTSR before CU2
Citrix Workspace App 1912 LTSR before CU7 Hotfix 2 (19.12.7002)
Citrix Workspace App for Linux (CVE-2023-24486):
All supported versions of Citrix Workspace app for Linux before 2302
Further information on CVE-2023-24483 can be found here: https://support.citrix.com/article/CTX477616/citrix-virtual-apps-and-desktops-security-bulletin-for-cve202324483
Further information on CVE-2023-24484 and CVE-2023-24485 can be found here: https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485
Further information on CVE-2023-24486 can be found here: https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-linux-security-bulletin-for-cve202324486