Multiple Vulnerabilities Affecting Citrix Systems Products
16 February 2023
Citrix Systems has released security updates addressing multiple high-severity vulnerabilities in its Virtual Apps and Desktops and Workspace App products.
The vulnerabilities are:
CVE-2023-24483: Improper privilege management flaw leading to privilege escalation to NT AUTHORITY\SYSTEM, the highest level of access privileges on Windows.
CVE-2023-24484: Improper access control flaw allowing log files to be written to a directory that should be out of reach for regular users.
CVE-2023-24485: Improper access control flaw leading to privilege escalation.
CVE-2023-24486: Improper access control flaw leading to session takeover.
Successful exploitation of the vulnerabilities could allow an attacker to execute arbitrary code, access sensitive information, and modify system configurations without restrictions.
The products affected by the vulnerabilities include:
Citrix Virtual Apps and Desktops before 2212
Citrix Virtual Apps and Desktops 2203 LTSR before CU2
Citrix Virtual Apps and Desktops 1912 LTSR before CU6
Citrix Workspace App for Windows before 2212
Citrix Workspace App for Windows 2203 LTSR before CU2
Citrix Workspace App for Windows 1912 LTSR before CU6
Citrix Workspace App for Linux before 2302
Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.
More information is available here:
https://support.citrix.com/article/CTX477616/citrix-virtual-apps-and-desktops-security-bulletin-for-cve202324483
https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485
https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-linux-security-bulletin-for-cve202324486
https://www.bleepingcomputer.com/news/security/citrix-fixes-severe-flaws-in-workspace-virtual-apps-and-desktops/