Citrix Releases Security Updates for Multiple Products

Security updates address multiple vulnerabilities affecting Citrix ADC, Citrix Gateway, ShareFile StorageZones and Citrix Virtual Apps and Desktops

Threat ID:: CC-4339
Threat Severity:: Medium
Published:: 14 June 2023 4:51 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security updates address multiple vulnerabilities affecting Citrix ADC, Citrix Gateway, ShareFile StorageZones and Citrix Virtual Apps and Desktops

Affected platforms

The following platforms are known to be affected:

Versions: Windows - all prior 2305, 2203 LTSR all prior CU3, 1912 LTSR all prior CU7 Linux - all prior 2305, 2203 LTSR all prior CU3, 1912 LTSR all prior CU7 hotfix 1(19.12.7001)

Citrix Virtual Apps and Desktops

Versions: 13.1 prior 13.1-45.61, 13.0 prior 13.0-90.11, 12.1 prior 12.1-65.35, 12.1-FIPS prior 12.1-55.296, 12.1-NDcPP prior 12.1-55.296

Citrix ADC

Versions: 13.1 prior 13.1-45.61, 13.0 prior 13.0-90.11, 12.1 prior 12.1-65.35

Citrix Gateway

Versions: all prior 5.11.24

ShareFile

Threat details

Introduction

Citrix has released security updates to address four vulnerabilities affecting Citrix ADC, Citrix Gateway, ShareFile StorageZones and Citrix Virtual Apps and Desktops. An unauthenticated remote attacker could exploit one of these vulnerabilities to perform remote code execution.

Exploitation in the wild for CVE-2023-24489

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24489 to their Known Exploited Vulnerability Catalog based on evidence of active exploitation in the wild.

Threat updates

Date	Update
17 Aug 2023	Exploitation in the wild for CVE-2023-24489 This cyber alert has been updated to reflect this change
1 Aug 2023	Evidence of exploitation attempts in the wild This cyber alert has been updated to reflect this change.

Remediation advice

Affected organisations are encouraged to review relevant Citrix Security Bulletin and apply the relevant updates.

Remediation steps

Type	Step
Patch	Citrix Virtual Apps and Desktops - Windows and Linux Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2023-24490 https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490
Patch	ShareFile StorageZones Controller Security Update for CVE-2023-24489 https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489
Patch	Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-24487, CVE-2023-24488 https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488

Definitive source of threat updates

https://support.citrix.com/knowledge-center/search#/All%20Products?ct=Security%20Bulletins&sortBy=Created%20date

CVE Vulnerabilities

CVE-2023-24487

CVE-2023-24488

CVE-2023-24489

CVE-2023-24490

Last edited: 17 August 2023 2:31 pm