Citrix releases updates for high-severity vulnerabilities

Overview

Citrix Systems has released security patches for high-severity vulnerabilities in its Virtual Application, Workspace Application and Desktop products. Each of the vulnerabilities addressed could allow a threat actor with local access to the target system to elevate their privileges and take control of the affected system.

The security flaws are being tracked as CVE-2023-24483, CVE-2023-24484, CVE-2023-24485 and CVE-2023-24486.

Impact

  • CVE-2023-24483: An improper privilege management flaw. Successful exploitation could allow a threat actor to escalate privileges to NT AUTHORITY\SYSTEM.
  • CVE-2023-24484: An improper access control flaw. Successful exploitation could allow a threat actor to have log files written to a directory that should be out of reach for regular users.
  • CVE-2023-24485: An improper access control flaw. Successful exploitation could allow a threat actor to escalate privileges.
  • CVE-2023-24486: Successful exploitation could allow a threat actor to gain access to the Citrix Virtual Application and Desktops session of another user who is using the same computer from which the ICA session is launched.

Vulnerability Detection

Security patches for the vulnerabilities mentioned have been released by Citrix Systems. Previous versions of the respective products (detailed below) therefore remain vulnerable to exploitation.

Affected Products

  • CVE-2023-24483: Citrix Virtual Applications and Desktops prior to 2212, 2203 LTSR before CU2, and 1912 LTSR before CU6.
  • CVE-2023-24484: Citrix Workspace Application for Windows prior to 2212, 2203 LTSR before CU2, and 1912 LTSR before CU6.
  • CVE-2023-24485: Citrix Workspace Application for Windows prior to 2212, 2203 LTSR before CU2, and 1912 LTSR before CU6.
  • CVE-2023-24486: Citrix Workspace Application for Linux prior to 2302.

Containment, Mitigations & Remediations

It is strongly recommended that users of the respective Citrix products apply the relevant security patches as soon as possible. These have been outlined below:

  • CVE-2023-24483: This vulnerability has been addressed via the release of Citrix Virtual Applications and Desktops 2212 and later versions, Citrix Virtual Applications and Desktops 2203 LTSR CU2 and later cumulative updates, and Citrix Virtual Applications and Desktops 1912 LTSR CU6 and later cumulative updates. The relevant security patch can be found on the Citrix Virtual Applications and Desktops download web page.
  • CVE-2023-24484 and CVE-2023-24485: These vulnerabilities have been addressed via the release of Citrix Workspace Application 2212 and later, Citrix Workspace Application 2203 LTSR CU2, Citrix Workspace Application 1912 LTSR CU7 Hotfix 2 (19.12.7002) and later cumulative updates. The relevant security patch is that of Citrix Workspace app 2302 for Windows.
  • CVE-2023-24486: This vulnerability has been addressed via the release of Citrix Workspace Application for Linux 2302 and later. The relevant security patch is that of Citrix Workspace app 2302 for Windows.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available at this time.

Threat Landscape

Citrix Systems is currently one of the global market leaders in desktop and virtualisation products. Threat actors generally weigh the probability of success against asset value when deciding which attack surfaces to focus their efforts on. As a result, the Citrix product range has the potential to emerge as a prime target. Because Citrix products have become an integral part of both personal and business affairs, threat actors will exploit vulnerabilities in these products in an attempt to extract the sensitive data they hold.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

MITRE Methodologies

TA0004 – Privilege Escalation

Privilege Escalation:

T1068 – Exploitation for Privilege Escalation

Further Information

Bleeping Computer Article
CISA Advisory
