Vulnerability

CERT-In Vulnerability Note CIVN-2024-0352
Multiple Vulnerabilities in Citrix Products

Original Issue Date:November 29, 2024

Severity Rating: HIGH

Software Affected

Citrix Session Recording versions prior to 2407 hotfix 24.5.200.8
Citrix Session Recording 1912 LTSR versions prior to CU9 hotfix 19.12.9100.6
Citrix Session Recording 2203 LTSR versions prior to CU5 hotfix 22.03.5100.11
Citrix Session Recording 2402 LTSR versions prior to CU1 hotfix 24.02.1200.16
NetScaler ADC and NetScaler Gateway�14.1 versions prior to 14.1-29.72
NetScaler ADC and NetScaler Gateway�13.1 versions prior to 13.1-55.34
NetScaler ADC 13.1-FIPS versions prior to 13.1-37.207
NetScaler ADC 12.1-FIPS versions prior to 12.1-55.321
NetScaler ADC 12.1-NDcPP versions prior to 12.1-55.321

Overview

Multiple vulnerabilities have been reported in Citrix products which could be exploited by an attacker to gain elevated privileges, execute arbitrary code or can cause denial of service condition on the targeted system.

Target Audience:
All organizations, IT security teams, and IT administrators managing Citrix products

Risk Assessment:
Unauthorized access to restricted data, remote code execution or denial of service.

Impact Assessment:
Potential for data modification and manipulation, malware propagation or service disruption.

Description

1. Vulnerabilities in Citrix Session Recording ( CVE-2024-8068 CVE-2024-8069 )

Citrix Session Recording is a feature within Citrix Virtual Apps and Desktops (formerly Citrix XenApp and XenDesktop) that records and monitors user sessions.
These vulnerabilities exist in the Citrix Session Recording server due to improper privilege management and deserialization of untrusted data. Successful exploitation of these vulnerabilities may allow an authenticated attacker within the same Windows Active Directory domain as the session recording server to escalate privileges to the NetworkService account and perform remote code execution on the targeted system.

2. Vulnerabilities in NetScaler ADC and NetScaler Gateway ( CVE-2024-8534 CVE-2024-8535 )

NetScaler ADC is a hardware or software solution that optimizes, secures, and accelerates the delivery of applications and services over network and cloud environments. NetScaler Gateway (also known as Citrix Gateway) is a solution used to remotely access applications, desktops, and data hosted on enterprise networks.
These vulnerabilities exist in NetScaler ADC and NetScaler Gateway due to improper access restriction. Successful exploitation of these vulnerabilities may allow a remote attacker to perform memory corruption leading to denial of service condition, or an authenticated user can access unintended user capabilities on the targeted system.

Solution

Apply appropriate updates as mentioned:
https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535

https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069

Vendor Information

Citrix
https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535
https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069

References

CVE Name
CVE-2024-8068
CVE-2024-8534
CVE-2024-8069
CVE-2024-8535

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-22902657

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India