Endpoint/Device Security, Vulnerability Management

High-severity Citrix bugs addressed

Several high-severity vulnerabilities in Citrix Systems' Virtual Apps and Desktops and its Workspace Apps, which could be exploited to achieve privilege escalation and system takeover, have been patched in recently issued security updates, BleepingComputer reports. The most severe of the addressed flaws is CVE-2023-24483, which could be leveraged to escalate privileges to NT AUTHORITY\SYSTEM, which in turn could facilitate arbitrary code execution, sensitive data access, and unrestricted system configuration alterations. Other addressed bugs include CVE-2023-24484, CVE-2023-24485, and CVE-2023-24486. Citrix has urged users to upgrade immediately to Citrix Virtual Apps and Desktops 1912 LTSR CU6 and later cumulative updates, Citrix Virtual Apps and Desktops 2203 LTSR CU2 and later cumulative updates, and Citrix Virtual Apps and Desktops 2212 and later versions, as well as Citrix Workspace App 1912 LTSR CU7 Hotfix 2 (19.12.7002) and later cumulative updates, Citrix Workspace App 2203 LTSR CU2 and later cumulative updates, Citrix Workspace App 2212 and later, and Citrix Workspace app for Linux 2302 and later. The Cybersecurity and Infrastructure Security Agency has given similar advice.
