Citrix Security Updates for Workspace Apps, Virtual Apps and Desktops - 20230215005
Overview
Citrix has released security updates to address high-severity vulnerabilities (CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483) in Citrix Workspace Apps, Virtual Apps and Desktops. A local user could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Citrix security bulletins.
What is the vulnerability?
| CVE | CVSS | Severity |
|---|---|---|
| CVE-2023-24483 | 7.8 | High |
| CVE-2023-24484 | 5.5 | Medium |
| CVE-2023-24485 | 7.8 | High |
| CVE-2023-24486 | 5.5 | Medium |
Recommendation
Due to the report of active exploitation, it is strongly recommended to patch these vulnerabilities within 2 weeks across all affected platforms as per vendor instructions.
Additional References
- The latest version of Citrix Workspace app: https://www.citrix.com/downloads/workspace-app/windows/
- The latest LTSR version of Citrix Workspace app: https://www.citrix.com/downloads/workspace-app/workspace-app-for-windows-long-term-service-release/
- Citrix Workspace App 1912 LTSR before CU7 Hotfix 2 (19.12.7002): https://support.citrix.com/article/CTX473064/hotfix-citrix-workspace-app-for-windows-1912-ltsr-cu7-hotfix-2-19127002-english
- The latest versions of Citrix Virtual Apps and Desktops: https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/
- The latest version of Citrix Workspace app for Linux: https://www.citrix.com/downloads/workspace-app/linux/