Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
WARNING: TWO MEDIUM-SEVERITY UNAUTHENTICATED REMOTE CODE EXECUTION VULNERABILITIES AFFECTING CITRIX VIRTUAL APPS AND DESKTOP CURRENT RELEASE (CR) AND LONG-TERM SERVICE RELEASE (LTSR), PATCH IMMEDIATELY!
Image
Published : 14/11/2024
Reference:
Advisory #2024-264
Version:
1.0
Affected software:
Citrix Virtual Apps and Desktops 1912 LTSR before CU9 hotfix 19.12.9100.6
Citrix Virtual Apps and Desktops 2203 LTSR before CU5 hotfix 22.03.5100.11
Citrix Virtual Apps and Desktops 2402 LTSR before CU1 hotfix 24.02.1200.16
Citrix Virtual Apps and Desktops before 2407 hotfix 24.5.200.8 Current Release (CR)
Type:
Privilege escalation & Remote code execution
CVE/CVSS:
CVE-2024-8068
CVSS:5.1 (CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)CVE-2024-8069
CVSS:5.1 (CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)
Sources
Risks
Citrix Virtual Apps (formerly WinFrame, MetaFrame, Presentation Server and XenApp) is an application virtualization software produced by Citrix Systems that allows Windows applications to be accessed via individual devices from a shared server or cloud system.
It should be highlighted that the two current vulnerabilities only require low privileges to be exploited and no user interaction is necessary.
Description
CVE-2024-8068
Allows an unauthenticated attacker to perform Privilege Escalation to NetworkService account access.
CVE-2024-8069
Allows an unauthenticated attacker to perform Remote Code Execution with privilege of a NetworkService account access.
A Proof of Concept (PoC) for those 2 vulnerabilities has been developed by the ShadowServer Foundation. That followed the official announcement of the two vulnerabilities by Citrix and watchTowr.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.