
Citrix XenServer vulnerabilities

228 known vulnerabilities affecting citrix/xenserver.

Total CVEs: 228
CISA KEV: 11 (actively exploited)
Public exploits: 23
Exploited in wild: 11
Severity breakdown: CRITICAL 42, HIGH 82, MEDIUM 93, LOW 11

Vulnerabilities

Page 2 of 12
CVE-2023-24492 | HIGH | CVSS 8.8 | 2023-07-11
CVE-2023-24492 [HIGH] CWE-94 Citrix Secure Access client for Ubuntu Security Bulletin for CVE-2023-24492. CVE-2023-24492: Citrix ADC Remote Code Execution. Pre-requisites: A victim user must open an attacker-crafted link and accept further prompts. CWE: CWE-94. Instructions: This issue has been addressed in the following versions of Citrix Secure Access client for Ubuntu: 23.5.2 and later releases. Citrix recommends that custome
citrix
CVE-2023-24490 | MEDIUM | CVSS 4.3 | 2023-06-14
CVE-2023-24490 [MEDIUM] CWE-284 Windows and Linux Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2023-24490. CVE-2023-24490: Users with only access to launch VDA applications can launch an unauthorized desktop. Pre-requisites: Authorized user with the ability to launch a virtual application. CWE: CWE-284. Instructions: Citrix strongly recommends that customers upgrade their Windows
citrix
CVE-2023-24486 | MEDIUM | CVSS 5.5 | 2023-02-23
CVE-2023-24486 [MEDIUM] CWE-284 Citrix Workspace app for Linux Security Bulletin for CVE-2023-24486. CVE-2023-24486: Session takeover. Vulnerability Type: CWE-284: Improper Access Control. Pre-conditions: Local user access to a system where another user is utilizing a vulnerable version of Citrix Workspace App for Linux to launch published desktops and applications. This issue affects all supported versions of Citrix Workspace app for
citrix
CVE-2022-27518 | CRITICAL | CVSS 9.8 | KEV | 2022-12-13
CVE-2022-27518 [CRITICAL] CWE-664 Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518. CVE References: CVE-2022-27518. Affected Products: Citrix ADC, Citrix Gateway, XenServer. Severity: Critical
citrix
CVE-2022-27510 | CRITICAL | CVSS 9.8 | Exploited | 2022-11-10
CVE-2022-27510 [CRITICAL] CWE-288 Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510, CVE-2022-27513 and CVE-2022-27516. CVE References: CVE-2022-27510, CVE-2022-27513, CVE-2022-27516. Affected Products: Citrix ADC, Citrix Gateway, XenServer. Severity: Critical
citrix
CVE-2022-27511 | HIGH | CVSS 8.1 | 2022-06-27
CVE-2022-27511 [HIGH] CWE-284 Citrix Application Delivery Management Security Bulletin for CVE-2022-27511 and CVE-2022-27512. CVE-2022-27511: Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password. CWE: CWE-284: Improper Access Control. Pre-conditions: Access to ADM IP. CVE-2022-27512: Temporary disruption of the ADM license service. CWE: CWE-664: I
citrix
CVE-2021-22919 | HIGH | CVSS 7.5 | 2021-07-19
CVE-2021-22919 [HIGH] CWE-284 Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update. CVE References: CVE-2021-22919, CVE-2021-22920, CVE-2021-22927. Affected Products: Citrix ADC, Citrix Application Delivery Controller, Citrix Gateway, Citrix SD-WAN WANOP, NetScaler ADC, NetScaler Gateway, Workspace, XenServer. Severity:
citrix
CVE-2021-22928 | HIGH | CVSS 7.8 | 2021-07-13
CVE-2021-22928 [HIGH] CWE-284 Citrix Virtual Apps and Desktops Security Update. CVE-2021-22928: Local privilege escalation on a Windows VDA. Vulnerability Type: CWE-284: Improper Access Control. Pre-conditions: Authenticated access to a VDA with Citrix Profile Management or Citrix Profile Management WMI Plugin installed. The vulnerability affects the following supported versions of Citrix Virtual Apps and Desktops and XenApp / XenDesktop: Citrix Virtual
citrix
CVE-2020-8299 | MEDIUM | CVSS 6.5 | 2021-06-08
CVE-2020-8299 [MEDIUM] CWE-284 Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update. CVE References: CVE-2020-8299, CVE-2020-8300. Affected Products: Citrix ADC, Citrix Application Delivery Controller, Citrix Gateway, Citrix SD-WAN WANOP, Citrix Workspace App, NetScaler ADC, NetScaler Gateway, Workspace, XenServer. Sever
citrix
CVE-2021-22907 | HIGH | CVSS 7.8 | 2021-05-11
CVE-2021-22907 [HIGH] CWE-284 Citrix Workspace App Security Update. Description of Problem: A vulnerability has been identified that could result in a local user escalating their privilege level to SYSTEM on the computer running Citrix Workspace app for Windows. The vulnerability has the following identifier: CVE-2021-22907. Description: Local privilege Escalation. Vulnerability Type: CWE-284: Improper Access Control. Pre-conditions: Local user access to a system where C
citrix
CVE-2020-8269 | HIGH | CVSS 8.8 | 2020-11-25
CVE-2020-8269 [HIGH] CWE-269 Citrix Virtual Apps and Desktops Security Update. Description of Problem: Vulnerabilities have been identified in Citrix Virtual Apps and Desktops that could, if exploited, result in: An authenticated user of a multi-session Windows VDA, who has been granted permission to write to c:\ root directory, being able to escalate their privilege level on that VDA to SYSTEM; An authenticated user of a Windows VDA with Citrix App-V service i
citrix
CVE-2020-8245 | MEDIUM | CVSS 6.1 | 2020-09-18
CVE-2020-8245 [MEDIUM] CWE-269 Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update. Description of Problem: Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabil
citrix
CVE-2020-8208 | MEDIUM | CVSS 6.1 | 2020-09-18
CVE-2020-8208 [MEDIUM] Citrix Endpoint Management (CEM) Security Update. Description of Problem: Multiple vulnerabilities have been discovered in Citrix Endpoint Management (CEM), also referred to as XenMobile. These vulnerabilities have the following identifiers: CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, CVE-2020-8212, CVE-2020-8253. The following versions of Citrix Endpoint Management (CEM) are affected by critical severity vulnerabilities: XenMo
citrix
CVE-2020-8200 | MEDIUM | CVSS 6.5 | 2020-09-10
CVE-2020-8200 [MEDIUM] Citrix StoreFront Security Update - Security Bulletin. A high severity issue has been discovered in Citrix StoreFront that, if exploited, would allow an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. This issue has the following identifier: CVE-2020-8200. The issue affects the following supported Current Release (CR) vers
citrix
CVE-2020-8207 | HIGH | CVSS 8.8 | 2020-09-08
CVE-2020-8207 [HIGH] Citrix Workspace app for Windows Security Update. Description of Problem: A vulnerability has been identified in the automatic update service of Citrix Workspace app for Windows that could result in: A local user escalating their privilege level to that of an administrator on the computer running Citrix Workspace app for Windows. A remote compromise of the computer running Citrix Workspace app when Windows file sharing (SMB) is enabled. Th
citrix
CVE-2019-18177 | MEDIUM | CVSS 6.5 | 2020-08-17
CVE-2019-18177 [MEDIUM] Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update. Description of Problem: Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities,
citrix
CVE-2020-13884 | HIGH | CVSS 7.8 | 2020-06-11
CVE-2020-13884 [HIGH] Vulnerabilities in Citrix Workspace app and Receiver for Windows. Description of Problem: Vulnerabilities have been identified in Citrix Workspace app and Citrix Receiver for Windows that could result in a local user escalating their privilege level to administrator during the uninstallation process. The issues have the following identifiers: CVE-2020-13884, CVE-2020-13885. These vulnerabilities affect supported versions of
citrix
CVE-2012-4606 | HIGH | CVSS 7.8 | v4.1, v5.0 +3 more | 2020-01-23
CVE-2012-4606 [HIGH] CWE-269 Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.
nvd, citrix
CVE-2014-3798 | MEDIUM | CVSS 6.5 | v6.0, v6.0.2 +2 more | 2019-07-11
CVE-2014-3798 [MEDIUM] CWE-20 The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.
nvd, citrix
CVE-2018-19961 | HIGH | CVSS 7.8 | v7.0, v7.1 +2 more | 2018-12-08
CVE-2018-19961 [HIGH] CWE-459 An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
nvd, citrix