Critical Remote Code Execution Vulnerability in Citrix ADC (CVE-2023-24492)

Imechapishwa: Jul 14, 2023 09:04

Advisory No: TZCERT/SA/2023/07/14-02

Source: Citrix

Software Affected: Citrix ADC

Overview

Description

Advisory No: TZCERT/SA/2023/07/14-02

Date of First Release: 14th July 2023

Source: Citrix

Software Affected: Citrix ADC

Overview:

Citrix has released security patches to address a critical vulnerability affecting the secure access client for Ubuntu. The vulnerability could allow an attacker to execute arbitrary code.

Description:

Citrix Secure Access client for Ubuntu is affected with remote code execution vulnerability. The vulnerability allows an elevated privilege access to the attacker with access to vulnerable client. A victim user must open an attacker-crafted link and accept further prompts.

Impact:

Successful exploitation of this vulnerability may allow the attacker to control of the affected system.

Solution:

Citrix has released patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492
  2. https://securityaffairs.com/148405/security/citrix-critical-flaw-secure-access-client-for-ubuntu.html
  3. https://digital.nhs.uk/cyber-alerts/2023/cc-4353

Impact

Solution

References

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Ripoti Tukio