Citrix XenServer vulnerabilities
228 known vulnerabilities affecting citrix/xenserver.
Total CVEs: 228
CISA KEV: 11 (actively exploited)
Public exploits: 23
Exploited in wild: 11
Severity breakdown: CRITICAL 42, HIGH 82, MEDIUM 93, LOW 11
Vulnerabilities
Page 1 of 12
CVE-2024-8534 | HIGH | CVSS 8.4 | 2024-11-14
CVE-2024-8534 [HIGH] CWE-119 NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-8534 and CVE-2024-8535
Description of Problem: Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer below for further details.
CVE References: CVE-2024-8534, CVE-2024-8535
Affected Products: Citrix ADC, Citrix Gateway, NetScaler ADC, NetScaler
citrix
CVE-2024-8068 | MEDIUM | CVSS 5.1 | KEV | 2024-11-14
CVE-2024-8068 [MEDIUM] CWE-269 Citrix Session Recording Security Bulletin for CVE-2024-8068 and CVE-2024-8069
Description of Problem: A vulnerability has been discovered in Citrix Session Recording. Refer below for further details:
CVE References: CVE-2024-8068, CVE-2024-8069
Affected Products: Citrix Session Recording, Citrix Virtual Apps and Desktops, Session Recording, XenServer, session recording
Severity: Medium
CVSS Score:
citrix
CVE-2024-7889 | HIGH | CVSS 7.0 | 2024-09-10
CVE-2024-7889 [HIGH] CWE-269 Citrix Workspace app for Windows Security Bulletin CVE-2024-7889 and CVE-2024-7890
Description of Problem: Two vulnerabilities have been discovered that impact the Citrix Workspace app for Windows.
CVE References: CVE-2024-7889, CVE-2024-7890
Affected Products: Citrix Workspace app, XenServer, workspace
Severity: High
CVSS Score: 7.0
Remediation:
Citrix strongly recommends that customers upgrade
citrix
CVE-2024-6151 | HIGH | CVSS 8.5 | 2024-07-15
CVE-2024-6151 [HIGH] CWE-269 Windows Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2024-6151
Description of Problem: A vulnerability has been identified that impacts Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS. Refer to below for further details:
CVE References: CVE-2024-6151
Affected Products: Citrix Virtual Apps and Desktops, Citrix provisioning s
citrix
CVE-2024-6148 | MEDIUM | CVSS 5.3 | 2024-07-15
CVE-2024-6148 [MEDIUM] CWE-276 Citrix Workspace app for HTML5 Security Bulletin CVE-2024-6148 and CVE-2024-6149
Description of Problem: Two vulnerabilities have been discovered that impact the Citrix Workspace app for HTML5. Refer to below for further details:
CVE References: CVE-2024-6148, CVE-2024-6149
Affected Products: Citrix Workspace app, StoreFront, XenServer, storefront, workspace
Severity: Medium
CVSS Score: 5.3
Reme
citrix
CVE-2024-6150 | MEDIUM | CVSS 4.8 | 2024-07-15
CVE-2024-6150 [MEDIUM] CWE-284 Citrix Provisioning Security Bulletin CVE-2024-6150
Description of Problem: A vulnerability has been discovered that impacts Citrix Provisioning. Refer to below for further details:
CVE References: CVE-2024-6150
Affected Products: XenServer
Severity: Medium
CVSS Score: 4.8
Remediation:
Citrix strongly recommends that customers upgrade their Citrix Provisioning to versions that contain the fixes as soon as possible. Citrix P
citrix
CVE-2023-24487 | HIGH | CVSS 7.5 | 2024-07-13
CVE-2023-24487 [HIGH] CWE-253 Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-24487, CVE-2023-24488
CVE-2023-24488: Cross site scripting. Pre-requisites: Appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. CWE-79.
CVE-2023-24487: Arbitrary file read. Pre-requisites: Access to NSIP or SNIP with management interface access. CWE-253.
Instructions: Affected customers of Citri
citrix
CVE-2024-2049 | MEDIUM | CVSS 5.3 | 2024-07-13
CVE-2024-2049 [MEDIUM] CWE-918 Citrix SDWAN Security Bulletin for CVE-2024-2049
CVE-2024-2049: If exploited, an attacker may disclose limited information from the appliance. Pre-requisites: Access to management interface. CWE-918.
CVE References: CVE-2024-2049
Affected Products: CITRIX SD-WAN, Citrix SD-WAN, SD-WAN, XenServer
Severity: Medium
citrix
CVE-2024-6286 | HIGH | CVSS 8.5 | 2024-07-11
CVE-2024-6286 [HIGH] CWE-269 Citrix Workspace app for Windows Security Bulletin CVE-2024-6286
Description of Problem: A vulnerability has been discovered that impacts the Citrix Workspace app for Windows. Refer to below for further details:
CVE References: CVE-2024-6286
Affected Products: Citrix Workspace app, XenServer
Severity: High
CVSS Score: 8.5
Remediation:
Citrix strongly recommends that customers upgrade their Citrix Workspac
citrix
CVE-2024-6235 | CRITICAL | CVSS 9.4 | PoC | 2024-07-10
CVE-2024-6235 [CRITICAL] CWE-119 NetScaler Console, Agent and SDX (SVM) Security Bulletin for CVE-2024-6235 and CVE-2024-6236
Description of Problem: Two vulnerabilities have been discovered in NetScaler Console (formerly NetScaler ADM), NetScaler SDX (SVM), and NetScaler Agent. Refer to below for further details:
CVE References: CVE-2024-6235, CVE-2024-6236
Affected Products: NetScaler Agent, NetScaler Console, Ne
citrix
CVE-2024-5491 | HIGH | CVSS 7.2 | 2024-07-09
CVE-2024-5491 [HIGH] CWE-119 NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-5491 and CVE-2024-5492
Description of Problem: Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer to below for further details:
CVE References: CVE-2024-5491, CVE-2024-5492
Affected Products: Citrix ADC, Citrix Gateway, NetScaler ADC, NetSca
citrix
CVE-2024-3661 | HIGH | CVSS 7.6 | 2024-06-24
CVE-2024-3661 [HIGH] Cloud Software Group Security Advisory for CVE-2024-3661
CVE References: CVE-2024-3661
Affected Products: XenServer
Severity: High
citrix
CVE-2024-5661 | MEDIUM | CVSS 6.0 | v8.0 | ≥ 8, ≤ 0 (+1 more) | 2024-06-13
CVE-2024-5661 [MEDIUM] CVE-2024-5661: An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.
nvd, citrix
CVE-2023-24491 | HIGH | CVSS 7.8 | 2024-02-06
CVE-2023-24491 [HIGH] CWE-269 Citrix Secure Access client for Windows Security Bulletin for CVE-2023-24491
CVE-2023-24491: Local Privilege escalation to NT AUTHORITY\SYSTEM. Pre-requisites: Access to an endpoint with Standard User Account that has the vulnerable client installed. CWE-269.
Instructions: This issue has been addressed in the following versions of the Citrix Secure Access client for Windows: 23.5.1.3 and lat
citrix
CVE-2023-6184 | HIGH | CVSS 7.2 | PoC | 2024-01-16
CVE-2023-6184 [HIGH] CWE-913 Citrix Session Recording Security Bulletin for CVE-2023-6184
CVE-2023-6184: An authenticated user can perform RCE. Pre-requisites: Attacker must possess admin privileges to the Session Recording server. CWE-913.
Instructions: Cloud Software Group strongly urges affected customers of Citrix Session Recording to install the relevant updated versions of Citrix Session Recording as soon as their upgrade schedule pe
citrix
CVE-2023-6548 | HIGH | CVSS 8.8 | KEV | 2024-01-16
CVE-2023-6548 [HIGH] CWE-119 NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549
CVE-2023-6548: Authenticated (low privileged) remote code execution on Management Interface. Pre-requisites: Access to NSIP, CLIP or SNIP with management interface access. CWE-94.
CVE-2023-6549: Denial of Service and Out-Of-Bounds Memory Read. Pre-requisites: Appliance must be configured as a Gateway (VPN vi
citrix
CVE-2023-5914 | MEDIUM | CVSS 6.1 | PoC | 2024-01-16
CVE-2023-5914 [MEDIUM] CWE-79 Citrix StoreFront Security Bulletin for CVE-2023-5914
CVE-2023-5914: Cross-site scripting (XSS). Pre-requisites: Requires victim to access an attacker-controlled link in the browser. CWE-79.
Instructions: Cloud Software Group strongly urges affected customers of Citrix StoreFront to install the relevant updated versions of Citrix StoreFront as soon as possible: Current Release (CR) Citrix StoreFront 2308.1 and lat
citrix
CVE-2023-4966 | HIGH | CVSS 7.5 | KEV | PoC | 2023-10-17
CVE-2023-4966 [HIGH] CWE-119 NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967
CVE-2023-4966: Sensitive information disclosure. Pre-requisites: Application must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. CWE-119.
CVE-2023-4967: Denial of service. Pre-requisites: Appliance must be configured as a Gateway (VPN virtual server, ICA Prox
citrix
CVE-2022-1304 | HIGH | CVSS 7.8 | 2023-10-10
CVE-2022-1304 [HIGH] Citrix Hypervisor Multiple Security Updates
Description of Problem: Several issues have been discovered that affect Citrix Hypervisor 8.2 CU1 LTSR and may allow malicious privileged code in a guest VM to: i) Compromise an AMD-based host via a passed through PCI device: CVE-2023-34326 ii) Compromise the host when a specific administrative action is taken (see
CVE References: CVE-2022-1304, CVE-2023-20588, CVE-2023-34324, CVE-2023-34326, CVE-20
citrix
CVE-2023-3466 | MEDIUM | CVSS 6.1 | 2023-07-18
CVE-2023-3466 [MEDIUM] CWE-20 Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467
CVE-2023-3466 (Citrix ADC, Citrix Gateway): Reflected Cross-Site Scripting (XSS). Pre-requisites: Requires victim to access an attacker-controlled link in the browser while being on a network with connectivity to the NSIP. CWE-20.
CVE-2023-3467 (Citrix ADC, Citrix Gateway): Privileg
citrix