Description of Problem
A vulnerability has been discovered in the Citrix Secure Access client for Windows.
The following supported versions are affected by the vulnerability:
- Versions before 23.5.1.3
The issue has the following identifier:
A vulnerability has been discovered in the Citrix Secure Access client for Windows.
A vulnerability has been discovered in the Citrix Secure Access client for Windows.
The following supported versions are affected by the vulnerability:
The issue has the following identifier:
CVE ID | Description | Pre-requisites | CWE | CVSS |
---|---|---|---|---|
CVE-2023-24491 | Local Privilege escalation to NT AUTHORITY\SYSTEM | Access to an endpoint with Standard User Account that has the vulnerable client installed | CWE-269 | 7.8 |
This issue has been addressed in the following versions of the Citrix Secure Access client for Windows:
Citrix recommends that customers who are affected by the above vulnerability upgrade the Citrix Secure Access client for Windows installed on their endpoints by taking the following actions as soon as possible:
Check the versions of the Citrix Secure Access client for Windows that are being distributed by each Citrix ADC or Citrix Gateway instance. This can be done using either GUI (instructions at: https://www.citrix.com/downloads/citrix-gateway/plug-ins/citrix-secure-access-client-for-windows.html) or by viewing the file located at /var/netscaler/gui/vpn/pluginlist.xml. If it is a vulnerable version, customers must:
Information about the upgrade control feature is detailed at: https://docs.citrix.com/en-us/citrix-gateway/13/vpn-user-config/how-users-connect-with-gateway-plugin.html#control-upgrade-of-citrix-gateway-plug-ins
Customers must install the above-mentioned fixed client on their users' devices by downloading them from https://www.citrix.com/downloads/citrix-gateway/plug-ins/citrix-secure-access-client-for-windows.html
2023-07-11 T 14:30:00Z | Initial Publication |