
Citrix fixed critical and high-severity bugs in NetScaler product

IT giant Citrix released security updates addressing multiple vulnerabilities, including critical and high-severity issues in its NetScaler product.

The most severe issue is an improper authorization flaw, tracked as CVE-2024-6235 (CVSS score of 9.4). An attacker with access to the NetScaler Console IP can exploit the vulnerability to access sensitive information.

The company also fixed an Improper Restriction of Operations within the Bounds of a Memory Buffer issue tracked as CVE-2024-6236. Successful exploitation of the vulnerability can trigger a denial of service condition.

Both issues are addressed in NetScaler Console and NetScaler Agent versions 14.1-25.53, 13.1-53.22, and 13.0-92.31, and in NetScaler SVM versions 14.1-25.53, 13.1-53.17, and 13.0-92.31.
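As an added example (not code from the article or from Citrix), the check below compares an installed NetScaler build string against the fixed builds listed above, per product and per release branch. It assumes build strings have the form "<branch>-<build>" (for example "14.1-25.53") with dot-separated integer parts, and treats a branch that is not listed as unknown rather than as patched.

```python
# Added example: branch-aware check of a NetScaler build against the fixed
# builds the article lists for CVE-2024-6235 / CVE-2024-6236.
# Assumption: build strings look like "<branch>-<build>", e.g. "13.1-53.22".
import re
from typing import Optional, Tuple

# Fixed builds per product and branch, exactly as listed in the article.
FIXED_BUILDS = {
    "console": {"14.1": "14.1-25.53", "13.1": "13.1-53.22", "13.0": "13.0-92.31"},
    "agent":   {"14.1": "14.1-25.53", "13.1": "13.1-53.22", "13.0": "13.0-92.31"},
    "svm":     {"14.1": "14.1-25.53", "13.1": "13.1-53.17", "13.0": "13.0-92.31"},
}

_BUILD_RE = re.compile(r"^(\d+\.\d+)-(\d+(?:\.\d+)*)$")


def parse_build(version: str) -> Tuple[str, Tuple[int, ...]]:
    """Split '13.1-53.22' into ('13.1', (53, 22)).

    The build part is converted to a tuple of ints so that comparison is
    numeric: 92.4 must sort below 92.31, which a plain string compare gets wrong.
    """
    match = _BUILD_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised NetScaler build string: {version!r}")
    branch = match.group(1)
    build = tuple(int(part) for part in match.group(2).split("."))
    return branch, build


def is_patched(product: str, version: str) -> Optional[bool]:
    """True if the build is at or above the fixed build for its branch,
    False if it is older, None if the product/branch is not in the list."""
    branch, build = parse_build(version)
    fixed = FIXED_BUILDS.get(product.lower(), {}).get(branch)
    if fixed is None:
        return None          # unknown branch: do not assume it is safe
    _, fixed_build = parse_build(fixed)
    return build >= fixed_build


if __name__ == "__main__":
    # Constructed sample inventory; note the SVM vs Agent difference on 13.1-53.17.
    for product, version in [("console", "13.1-50.23"), ("agent", "13.1-53.17"),
                             ("svm", "13.1-53.17"), ("console", "12.1-65.25")]:
        print(product, version, "->", is_patched(product, version))
```

Feed it the build strings from your own inventory; a None result means the branch is not covered by the fixed versions listed here and needs to be checked against the vendor advisory directly.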

The company also fixed an Improper Privilege Management issue in Workspace App for Windows, tracked as CVE-2024-6286, that can lead to local privilege escalation: an attacker can trigger the issue to gain SYSTEM privileges.

The company also fixed a vulnerability, tracked as CVE-2024-6151, that impacts the Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS. The issue is an Improper Privilege Management flaw that a local attacker can exploit to gain SYSTEM privileges.

Citrix did not reveal whether any of these issues has been exploited in attacks in the wild.

The complete list of vulnerabilities addressed by the company is available here.

The US cybersecurity agency CISA also issued an alert on the vulnerabilities addressed by Citrix.

“Citrix released security updates to address vulnerabilities in multiple Citrix products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system,” states CISA.

Pierluigi Paganini
