Citrix Updates Multiple Products - 20240710005¶
Overview¶
Citrix has released security updates to address vulnerabilities in multiple products. Please see the below list of affected products, as well as the vendor published advisory including affected versions and recommendations.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE # | CVSS v4/v3 | Severity |
|---|---|---|---|---|
| NetScaler ADC and NetScaler Gateway | Vendor noted versions | CVE-2024-5491 CVE-2024-5492 | 7.1 5.1 | High Medium |
| NetScaler Console, Agent and SVM | Vendor noted versions | CVE-2024-6235 CVE-2024-6236 | 9.4 7.1 | Critical High |
| Citrix Workspace app for HTML5 | Vendor noted versions | CVE-2024-6148 CVE-2024-6149 | 5.3 4.8 | Medium Medium |
| Citrix Provisioning | Vendor noted versions | CVE-2024-6150 | 4.8 | Medium |
| Windows Virtual Delivery Agent for CVAD and Citrix DaaS | Vendor noted versions | CVE-2024-6151 | 8.5 | High |
| Citrix Workspace app for Windows | Vendor noted versions | CVE-2024-6286 | 8.5 | High |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 Hours... (refer Patch Management):