CVE-2024-6677: Citrix uberAgent Security Bulletin for CVE-2024-6677 of Problem A vulnerability has been discovered in Citrix uberAgent, which, if exploited, may result in the…

Citrix uberAgent Security Bulletin for CVE-2024-6677 of Problem A vulnerability has been discovered in Citrix uberAgent, which, if exploited, may result in the escalation of privileges of the attacker. CVE References: CVE-2024-6677 Affected Products: XenServer Severity: High CVSS Score: 7.3 Remediation: Cloud Software Group strongly urges affected customers of Citrix uberAgent to install the relevant updated versions of Citrix uberAgent as soon as possible: Citrix uberAgent 7.2.1 and later The latest Citrix uberAgent versions can be downloaded here: https://uberagent.com/download/uberagent/ Workarounds/ Mitigating Factors For all Citrix uberAgent versions before 7.2.1 Ensure that the system PATH environment variable does not include any directories writable by users.