Citrix Systems has released security updates for vulnerabilities in its Virtual Apps and Desktops, and Workspace Apps products.
The addressed security problems are categorized as high-severity and could enable attackers with local access to the target to elevate their privileges and take control of the affected system.
Citrix products are widely used by organizations worldwide, so it’s critical to apply the available security updates to prevent intruders from having an easy way to escalate their privileges on breached systems.
Privilege escalation is a key stage in a broad range of cyberattacks, including cyber espionage and ransomware, as threat actors need to gain higher privileges to stealthily exfiltrate data, disable security software, or spread to other systems for ransomware attacks.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has published an alert about applying Citrix’s security updates as soon as possible.
The vulnerabilities addressed by Citrix yesterday are:
- CVE-2023-24483: Improper privilege management flaw leading to privilege escalation to NT AUTHORITY\SYSTEM. Impacts Citrix Virtual Apps and Desktops before 2212, 2203 LTSR before CU2, and 1912 LTSR before CU6.
- CVE-2023-24484: Improper access control flaw allowing log files to be written to a directory that should be out of reach for regular users. Impacts Citrix Workspace App for Windows before 2212, 2203 LTSR before CU2, and 1912 LTSR before CU6.
- CVE-2023-24485: Improper access control flaw leading to privilege escalation. Impacts Citrix Workspace App for Windows before 2212, 2203 LTSR before CU2, and 1912 LTSR before CU6.
- CVE-2023-24486: Improper access control flaw leading to session takeover. Impacts Citrix Workspace App for Linux before 2302.
CVE-2023-24483 is the most severe of the flaws addressed this time. NT AUTHORITY\SYSTEM is the highest level of access privileges on Windows, and a user gaining that privilege can execute arbitrary code, access sensitive information, and modify system configurations without restrictions.
If the breached system is part of a network, gaining NT AUTHORITY\SYSTEM access would enable the attacker to move laterally within the network and pivot to adjacent systems as well.
The recommended upgrade targets that address the above flaws are the following:
- Citrix Virtual Apps and Desktops 2212 and later versions
- Citrix Virtual Apps and Desktops 2203 LTSR CU2 and later cumulative updates
- Citrix Virtual Apps and Desktops 1912 LTSR CU6 and later cumulative updates
- Citrix Workspace App 2212 and later
- Citrix Workspace App 2203 LTSR CU2 and later cumulative updates
- Citrix Workspace App 1912 LTSR CU7 Hotfix 2 (19.12.7002) and later cumulative updates
- Citrix Workspace app for Linux 2302 and later
“Citrix strongly recommends that customers upgrade to a fixed version as soon as possible,” warns the software vendor’s security bulletin.
Currently, there is no mitigation advice or workarounds for the discovered security issues, so updating the impacted products is the only recommended approach to address the risks.