Citrix has released security advisories to address multiple high-severity vulnerabilities affecting Workspace, Virtual Apps, and Desktops. The vulnerabilities are tracked as CVE-2023-24483, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24486. On successful exploitation, these vulnerabilities can have severe consequences ranging from privilege escalation to session takeover.
Citrix products are used by organizations worldwide to handle a wide range of operations, which is why these vulnerabilities must be patched quickly. CISA has published an alert about these vulnerabilities, urging organizations to apply the fixes.
Citrix Virtual Apps and Desktops are virtualization solutions that provide access anywhere and for any device, while giving IT management over virtual machines, apps, licensing, and security.
Citrix Workspace is a digital workspace solution that offers unified and secure access to apps, desktops, and content (resources) from anywhere and on any device.
Description
CVE-2023-24483: Citrix Virtual Apps and Desktops Privilege Escalation Vulnerability
To exploit this vulnerability, an attacker must have local access to a Windows VDA as a standard Windows user. An attacker can exploit this improper privilege management flaw to elevate the privilege level to NT AUTHORITY\SYSTEM on vulnerable Citrix Virtual Apps and Desktops Windows VDA.
CVE-2023-24484: Citrix Workspace App Improper Access Control Vulnerability
This improper access control flaw allows an attacker to cause log files to be written to a directory they do not have permission to write to. To exploit it, an attacker must have local access to a system on which a vulnerable version of the Citrix Workspace App for Windows is subsequently installed.
CVE-2023-24485: Citrix Workspace App Privilege Escalation Vulnerability
An attacker can exploit this vulnerability to escalate privileges on a system running a vulnerable version of the Citrix Workspace App for Windows. To exploit it, an attacker must have local user access to a system on which a vulnerable version of the Citrix Workspace App for Windows is installed.
CVE-2023-24486: Citrix Workspace App for Linux Session Takeover Vulnerability
A malicious local user can exploit this vulnerability to gain access to another user’s Citrix Virtual Apps and Desktops session from the same computer on which that ICA session was launched. The attacker needs local user access to a system where another user is using a vulnerable version of Citrix Workspace App for Linux to launch published desktops and applications.
Affected versions
CVE-2023-24483 affects the following supported versions of Citrix Virtual Apps and Desktops:
Current Release (CR)
- Citrix Virtual Apps and Desktops versions before 2212
Long Term Service Release (LTSR)
- Citrix Virtual Apps and Desktops 2203 LTSR before CU2
- Citrix Virtual Apps and Desktops 1912 LTSR before CU6
CVE-2023-24484 and CVE-2023-24485 affect the following supported versions of the Citrix Workspace App for Windows:
- Citrix Workspace App versions before 2212
- Citrix Workspace App 2203 LTSR before CU2
- Citrix Workspace App 1912 LTSR before CU7 Hotfix 2 (19.12.7002)
CVE-2023-24486 affects all supported versions of the Citrix Workspace app for Linux before 2302. As per the advisory, “customers using Citrix Virtual Apps and Desktops Service using any of the vulnerable versions of Citrix Virtual Apps and Desktops Windows VDA are affected by this vulnerability.”
Mitigation
CVE-2023-24483 is fixed in the following versions:
- Citrix Virtual Apps and Desktops 2212 and later versions
- Citrix Virtual Apps and Desktops 2203 LTSR CU2 and later cumulative updates
- Citrix Virtual Apps and Desktops 1912 LTSR CU6 and later cumulative updates
CVE-2023-24484 and CVE-2023-24485 are fixed in the following versions:
- Citrix Workspace App 2212 and later
- Citrix Workspace App 2203 LTSR CU2 and later cumulative updates
- Citrix Workspace App 1912 LTSR CU7 Hotfix 2 (19.12.7002) and later cumulative updates
CVE-2023-24486 is fixed in the following versions:
- Citrix Workspace app for Linux 2302 and later
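The version boundaries listed under Affected versions and Mitigation, turned into an inventory check. This is an added example, not Citrix or Qualys code; the product labels, the release-string format ("2203 LTSR CU1") and the sample hosts are this example's own assumptions, and the thresholds are the ones stated in the bulletins above.

```python
import re

# Fix thresholds from the bulletins summarised above: first fixed Current
# Release, and per LTSR branch the first fixed (cumulative update, hotfix).
FIXED = {
    "CVAD":             {"CR": 2212, "LTSR": {2203: (2, 0), 1912: (6, 0)}},
    "WorkspaceWindows": {"CR": 2212, "LTSR": {2203: (2, 0), 1912: (7, 2)}},
    "WorkspaceLinux":   {"CR": 2302, "LTSR": {}},
}
# CVEs each product is exposed to (product keys are this example's own labels).
CVES = {"CVAD": ["CVE-2023-24483"], "WorkspaceWindows": ["CVE-2023-24484", "CVE-2023-24485"],
        "WorkspaceLinux": ["CVE-2023-24486"]}
RELEASE_RE = re.compile(
    r"^(?P<rel>\d{4})(?P<ltsr>\s+LTSR)?(?:\s+CU(?P<cu>\d+))?(?:\s+Hotfix\s+(?P<hf>\d+))?$",
    re.IGNORECASE)

def parse_release(text):
    """Parse '2212', '2203 LTSR CU1' or '1912 LTSR CU7 Hotfix 1' into
    (release, is_ltsr, cu, hotfix); a missing CU or hotfix counts as 0."""
    m = RELEASE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    return (int(m["rel"]), m["ltsr"] is not None,
            int(m["cu"] or 0), int(m["hf"] or 0))

def is_vulnerable(product, release_text):
    """True if the release predates the fix. An LTSR branch is judged by its
    own CU/hotfix threshold, not by release number: 2203 LTSR CU2 is fixed
    although 2203 < 2212, while Workspace 1912 LTSR CU7 needs Hotfix 2."""
    rel, is_ltsr, cu, hf = parse_release(release_text)
    fixed = FIXED[product]
    if is_ltsr:
        if rel not in fixed["LTSR"]:
            raise ValueError(f"{rel} LTSR is not an LTSR branch listed for {product}")
        return (cu, hf) < fixed["LTSR"][rel]
    return rel < fixed["CR"]

def audit(inventory):
    """Return {host: [CVEs]} for every (host, product, release) still exposed."""
    return {host: CVES[product] for host, product, release in inventory
            if is_vulnerable(product, release)}

# Constructed sample inventory; hostnames are made up, releases follow the
# bulletins' naming.
SAMPLE = [("vda-01", "CVAD", "2203 LTSR CU1"),
          ("vda-02", "CVAD", "1912 LTSR CU7"),
          ("ws-01", "WorkspaceWindows", "1912 LTSR CU7 Hotfix 1"),
          ("ws-02", "WorkspaceWindows", "2212"),
          ("lx-01", "WorkspaceLinux", "2212")]
```

Running `audit(SAMPLE)` flags vda-01, ws-01 and lx-01 only; vda-02 is on CVAD 1912 CU7 (fixed from CU6) and ws-02 is on the fixed Current Release.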
For more information, please refer to the Security Bulletins for CVE-2023-24483, for CVE-2023-24484 & CVE-2023-24485, and for CVE-2023-24486.
Qualys Detection
Qualys customers can scan their devices with QIDs 377989 and 377990 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://support.citrix.com/article/CTX477616/citrix-virtual-apps-and-desktops-security-bulletin-for-cve202324483
https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-linux-security-bulletin-for-cve202324486
https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485