Citrix recently released a series of patches for vulnerabilities in Virtual Apps and Desktops and in Workspace App. The patches are the only way to fix the vulnerabilities.
According to Citrix, the discovered vulnerabilities in its solutions can have a high impact on businesses. Through these vulnerabilities, cybercriminals with local access can escalate their privileges on the attacked systems. This then gives them full control over these systems.
Privilege escalation can lead to more serious cyber attacks, such as cyber espionage and ransomware attacks. The cybercriminals can thus siphon off data, disable existing security solutions and attack other systems.
Four vulnerabilities
Specifically, four vulnerabilities are involved. The most important one is CVE-2023-24483. This is an incorrect privilege management error that leads to privilege escalation to NT AUTHORITY\SYSTEM.
NT AUTHORITY\SYSTEM is the highest level of access privileges on Windows. Users with these privileges can easily run arbitrary code on affected systems and access sensitive information. They can also change the system configuration without restrictions.
This vulnerability applies to installations of Citrix Virtual Apps and Desktops version 2212, version 2203 LTSR CU2 and version 1912 LTSR CU6.
Two other vulnerabilities are CVE-2023-24484 and CVE-2023-24485. The first is an incorrect verification error. It allows logs to be written to a directory inaccessible to normal users. The affected product is Citrix Workspace App for Windows version 2212, version 2203 LTSR CU2 and version 1912 LTSR CU6.
CVE-2023-24485 is an incorrect control error that leads to privilege escalation. This affects Citrix Workspace App for Windows version 2212, version 2203 LTSR CU2 and version 1912 LTSR CU6.
The last vulnerability found, CVE-2023-24486, is an incorrect access control error that can lead to session takeover. This vulnerability affects Citrix Workspace App for Linux version 2302.
Patch important
Citrix’s security alerts indicate that there are no workarounds for these vulnerabilities. Customers with the specific solutions are therefore strongly advised to update to new versions that now include the patches by default.
CISA, the U.S. government’s cyber watchdog, is also warning end users of Citrix Virtual Apps and Desktops and Citrix Workspace Apps to implement the patches.