Citrix Product Security Update Advisory
Overview
We have released security updates to fix vulnerabilities in Citrix products. users of affected products are advised to update to the latest version.
Affected Products
Cve-2024-8068, cve-2024-8069
Current Release (CR)
- Citrix Virtual Apps and Desktops 2407 hotfix 24.5.200.8 or below
Long Term Service Release (LTSR)
- Citrix Virtual Apps and Desktops 1912 LTSR CU9 hotfix 19.12.9100.6 or below
- Citrix Virtual Apps and Desktops 2203 LTSR CU5 hotfix 22.03.5100.11 or below
- Citrix Virtual Apps and Desktops 2402 LTSR CU1 hotfix 24.02.1200.16 or below
Resolved Vulnerabilities
Vulnerability that could allow elevation of privilege for NetworkService account access (CVE-2024-8068)
Vulnerability with limited remote code execution with NetworkService account access (CVE-2024-8069)
Vulnerability Patches
vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
Cve-2024-8068, cve-2024-8069
Current Release (CR)
- Citrix Virtual Apps and Desktops 2407 hotfix 24.5.200.8 and at least version 24.5.200.8
Long Term Service Release (LTSR)
- Citrix Virtual Apps and Desktops 1912 LTSR CU9 hotfix 19.12.9100.6 or at least later
- Citrix Virtual Apps and Desktops 2203 LTSR CU5 hotfix 22.03.5100.11 or at least later versions
- Citrix Virtual Apps and Desktops 2402 LTSR CU1 hotfix 24.02.1200.16 or at least later
references
[1] CVE-2024-8068 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-8068
[2] CVE-2024-8069 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-8069
[3] Citrix Session Recording Security Bulletin for CVE-2024-8068 and CVE-2024-8069