Security News > 2024 > November > New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
2024-11-12 14:01
Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the
News URL
https://thehackernews.com/2024/11/new-flaws-in-citrix-virtual-apps-enable.html
Related news
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Active! Mail RCE flaw exploited in attacks on Japanese orgs (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks (source)
- Samsung MagicINFO 9 Server RCE flaw now exploited in attacks (source)