Citrix product family (NetScaler ADC, NetScaler Gateway, Citrix Workspace, etc.) security update advisory

Overview

Citrix has released security updates that address vulnerabilities in its products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2024-5491

  • NetScaler ADC and NetScaler Gateway 14.1: 14.1-25.53 or below
  • NetScaler ADC and NetScaler Gateway 13.1: 13.1-53.17 or below
  • NetScaler ADC and NetScaler Gateway 13.0: 13.0-92.31 or below
  • NetScaler ADC 13.1-FIPS: versions before 13.1-37.183
  • NetScaler ADC 12.1-FIPS: versions before 12.1-55.304
  • NetScaler ADC 12.1-NDcPP: versions before 12.1-55.304

CVE-2024-6286

  • Citrix Workspace for Windows: versions before 2403.1
  • Citrix Workspace for Windows: versions before 2402 LTSR

CVE-2024-6151

  • Virtual Apps and Desktops: versions before 2402
  • Virtual Apps and Desktops: versions before 1912 LTSR CU9
  • Virtual Apps and Desktops: versions before 2203 LTSR CU5

CVE-2024-6235, CVE-2024-6236

  • NetScaler Console 14.1: versions before 14.1-25.53
  • NetScaler Console 13.1: versions before 13.1-53.22
  • NetScaler Console 13.0: versions before 13.0-92.31

  • NetScaler SDX 14.1: versions before 14.1-25.53
  • NetScaler SDX 13.1: versions before 13.1-53.17
  • NetScaler SDX 13.0: versions before 13.0-92.31

  • NetScaler Agent 14.1: versions before 14.1-25.53
  • NetScaler Agent 13.1: versions before 13.1-53.22
  • NetScaler Agent 13.0: versions before 13.0-92.31

Resolved Vulnerabilities

  • Denial of service (DoS) vulnerability in NetScaler ADC and NetScaler Gateway (CVE-2024-5491)
  • Privilege escalation vulnerability in Citrix Workspace for Windows (CVE-2024-6286)
  • Local privilege escalation vulnerability in Virtual Apps and Desktops (CVE-2024-6151)
  • Sensitive information disclosure vulnerability in NetScaler Console (CVE-2024-6235)
  • Denial of service (DoS) vulnerability in NetScaler Console, Agent, and SDX (CVE-2024-6236)

Vulnerability Patches

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the Referenced Sites to update to the latest patched version.

CVE-2024-5491

  • NetScaler ADC and NetScaler Gateway versions: 14.1-25.53 and later releases
  • NetScaler ADC and NetScaler Gateway versions: 13.1-53.17 and later releases of 13.1
  • NetScaler ADC and NetScaler Gateway versions: 13.0-92.31 and later releases of 13.0
  • NetScaler ADC versions: 13.1-FIPS 13.1-37.183 and later 13.1-FIPS releases
  • NetScaler ADC versions: 12.1-FIPS 12.1-55.304 and later 12.1-FIPS releases
  • NetScaler ADC versions: 12.1-NDcPP 12.1-55.304 and later releases of 12.1-NDcPP

CVE-2024-6286

  • Citrix Workspace for Windows version: 2403.1
  • Citrix Workspace for Windows version: 2402 LTSR

CVE-2024-6151

  • Virtual Apps and Desktops version: 2402
  • Virtual Apps and Desktops version: 1912 LTSR CU9
  • Virtual Apps and Desktops version: 2203 LTSR CU5

CVE-2024-6235, CVE-2024-6236

  • NetScaler Console 14.1 version: 14.1-25.53
  • NetScaler Console 13.1 version: 13.1-53.22
  • NetScaler Console 13.0 version: 13.0-92.31

  • NetScaler SDX 14.1 version: 14.1-25.53
  • NetScaler SDX 13.1 version: 13.1-53.17
  • NetScaler SDX 13.0 version: 13.0-92.31

  • NetScaler Agent 14.1 version: 14.1-25.53
  • NetScaler Agent 13.1 version: 13.1-53.22
  • NetScaler Agent 13.0 version: 13.0-92.31
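
As an added example (not part of the original advisory and not Citrix tooling), the following Python check compares NetScaler ADC and Gateway builds from an asset inventory against the CVE-2024-5491 fixed builds listed above. The function names, the inventory layout (edition recorded separately from the version string) and the sample hosts are assumptions constructed for illustration.

```python
import re

# Fixed builds for CVE-2024-5491, copied from the advisory's patch list.
# Keys are release trains; FIPS and NDcPP editions are separate trains.
FIXED_BUILDS = {
    "14.1": (25, 53),
    "13.1": (53, 17),
    "13.0": (92, 31),
    "13.1-FIPS": (37, 183),
    "12.1-FIPS": (55, 304),
    "12.1-NDcPP": (55, 304),
}

_VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")

def parse_build(version, edition=None):
    """Split '13.1-53.17' into train '13.1' and numeric build (53, 17)."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    train = match.group(1) if edition is None else f"{match.group(1)}-{edition}"
    return train, (int(match.group(2)), int(match.group(3)))

def status(version, edition=None):
    """Return 'patched', 'needs-update' or 'unlisted' for CVE-2024-5491."""
    train, build = parse_build(version, edition)
    fixed = FIXED_BUILDS.get(train)
    if fixed is None:
        return "unlisted"  # train not named in the advisory; check the vendor bulletin
    # Tuples compare numerically, so 9.60 sorts below 53.17 (a string compare would not).
    return "patched" if build >= fixed else "needs-update"

# Constructed sample inventory: (hostname, version, edition). Not real hosts.
INVENTORY = [
    ("adc-edge-01", "14.1-25.53", None),     # exactly the fixed build
    ("adc-edge-02", "13.1-9.60", None),      # numerically older than 53.17
    ("adc-fips-01", "13.1-37.176", "FIPS"),  # FIPS train, below 37.183
    ("gw-legacy-01", "12.1-65.25", None),    # non-FIPS 12.1 is not listed
]

def audit(inventory):
    """Map each hostname to its status."""
    return {host: status(version, edition) for host, version, edition in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```

An "unlisted" result means the advisory names no fixed build for that release train, so it should be checked against the vendor bulletin rather than treated as safe.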

 

Referenced Sites

[1] CVE-2024-5491 Detail

https://nvd.nist.gov/vuln/detail/cve-2024-5491

[2] NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-5491 and CVE-2024-5492

https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492

[3] CVE-2024-6286 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-6286

[4] CVE-2024-6151 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-6151

[5] CVE-2024-6235 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-6235

[6] CVE-2024-6236 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-6236

[7] Citrix Product Security Update Advisory

https://www.krcert.or.kr/kr/bbs/view.do?searchCnd=&bbsId=B0000133&searchWrd=&menuNo=205020&pageIndex=1&categoryCode=&nttId=71492