Citrix fixes severe flaws in Workspace, Virtual Apps and Desktops
2023-02-15 18:38

Citrix Systems has released security updates for vulnerabilities in its Virtual Apps and Desktops, and Workspace Apps products.

Citrix products are widely used by organizations worldwide, so it's critical to apply the available security updates to prevent intruders from having an easy way to escalate their privileges on breached systems.

Privilege escalation is a key stage in a broad range of cyberattacks, including cyber espionage and ransomware, as threat actors need to gain higher privileges to stealthily exfiltrate data, disable security software, or spread to other systems for ransomware attacks.

CVE-2023-24483: Improper privilege management flaw leading to privilege escalation to NT AUTHORITY\SYSTEM. Impacts Citrix Virtual Apps and Desktops before 2212, 2203 LTSR before CU2, and 1912 LTSR before CU6.

NT AUTHORITY\SYSTEM is the highest level of access privileges on Windows, and a user gaining that privilege can execute arbitrary code, access sensitive information, and modify system configurations without restrictions.


News URL

https://www.bleepingcomputer.com/news/security/citrix-fixes-severe-flaws-in-workspace-virtual-apps-and-desktops/

Related Vulnerability

DATE: 2023-02-16
CVE: CVE-2023-24483
VULNERABILITY TITLE: Improper Privilege Management vulnerability in Citrix Virtual Apps and Desktops
DESCRIPTION: A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
TAGS: local, low complexity, citrix, CWE-269
RISK: 7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 116 19 175 79 65 338