Citrix Releases Security Advisory Addressing Vulnerabilities in Secure Access Clients for Windows and Ubuntu
Summary
Citrix Secure Access clients for Windows and Ubuntu are impacted by security vulnerabilities that may lead to local privilege escalation or remote code execution.
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Citrix has released one high severity advisory for a vulnerability known as CVE-2023-24491 and one critical severity advisory for CVE-2023-24492, affecting Secure Access client for Windows and Secure Access client for Ubuntu respectively. An attacker could exploit these vulnerabilities to achieve privilege escalation or remote code execution on a target system.
Vulnerability details
- CVE-2023-24491 - A high severity privilege escalation vulnerability which impacts Secure Access for Windows. This vulnerability could be exploited by an attacker to gain NT AUTHORITY\SYSTEM privileges on a local system.
- CVE-2023-24492 - A critical remote code execution vulnerability within Secure Access for Ubuntu (previously known as Citrix Gateway VPN client for Ubuntu).
Remediation advice
Affected organisations are encouraged to review the following security advisories.
Remediation steps
| Type | Step |
|---|---|
| Patch | Citrix Secure Access client for Windows: CTX561480 https://support.citrix.com/article/CTX561480/citrix-secure-access-client-for-windows-security-bulletin-for-cve202324491 |
| Patch | Citrix Secure Access client for Ubuntu: CTX564169 https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492 |
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 13 July 2023 3:25 pm