CVE-2023-6549

Published: 17/01/2024 Updated: 10/05/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read

Vulnerable Product

citrix netscaler gateway

citrix netscaler application delivery controller

Recent Articles

Citrix warns admins to manually mitigate PuTTY SSH client bug
BleepingComputer • Sergiu Gatlan • 09 May 2024

Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key. XenCenter helps manage Citrix Hypervisor environments from a Windows desktop, including deploying and monitoring virtual machines. The security flaw (tracked as CVE-2024-31497) impacts multiple versions of XenCenter for Citrix Hypervis...

Two more Citrix NetScaler bugs exploited in the wild
The Register

Just when you thought you had recovered from Bleed

Two vulnerabilities in NetScaler's ADC and Gateway products have been fixed – but not before criminals found and exploited them, according to the vendor. CVE-2023-6548 could allow remote code execution (RCE) in the appliances' management interface. It received a 5.5 CVSS rating, which is low for an RCE bug. One reason for this may be because it does require the attacker to be authenticated, albeit with low-level privileges, and they must have access to NetScaler IP (NSIP), Subnet IP (SNIP), or...