
WARNING: TWO MEDIUM-SEVERITY UNAUTHENTICATED REMOTE CODE EXECUTION VULNERABILITIES AFFECTING CITRIX VIRTUAL APPS AND DESKTOPS CURRENT RELEASE (CR) AND LONG-TERM SERVICE RELEASE (LTSR), PATCH IMMEDIATELY!

Reference: 
Advisory #2024-264
Version: 
1.0
Affected software: 
Citrix Virtual Apps and Desktops before 2407 hotfix 24.5.200.8 Current Release (CR)
Citrix Virtual Apps and Desktops 1912 LTSR before CU9 hotfix 19.12.9100.6
Citrix Virtual Apps and Desktops 2203 LTSR before CU5 hotfix 22.03.5100.11
Citrix Virtual Apps and Desktops 2402 LTSR before CU1 hotfix 24.02.1200.16
Type: 
Privilege escalation & Remote code execution
CVE/CVSS: 

CVE-2024-8068
CVSS:5.1 (CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)

CVE-2024-8069
CVSS:5.1 (CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)

Sources

Risks

Citrix Virtual Apps (formerly WinFrame, MetaFrame, Presentation Server and XenApp) is an application virtualization software produced by Citrix Systems that allows Windows applications to be accessed via individual devices from a shared server or cloud system.

Both vulnerabilities require only low privileges to exploit, and no user interaction is necessary.

Description

CVE-2024-8068

Allows an unauthenticated attacker to escalate privileges to NetworkService account access.

CVE-2024-8069

Allows an unauthenticated attacker to perform remote code execution with the privileges of a NetworkService account.

A proof of concept (PoC) for these two vulnerabilities has been developed by the ShadowServer Foundation. This followed the official announcement of the two vulnerabilities by Citrix and watchTowr.

Recommended actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
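
To prioritise patching, the fixed builds listed under "Affected software" can be checked against an inventory. The following is an added example, not CCB or Citrix code. It assumes the inventory records the release branch and a four-part build string in the same scheme as the hotfix numbers above; the function names and sample rows are hypothetical.

```python
import re

# Fixed hotfix builds per release branch, copied from this advisory.
FIXED_BUILDS = {
    "CR": "24.5.200.8",             # 2407 hotfix
    "1912 LTSR": "19.12.9100.6",    # CU9 hotfix
    "2203 LTSR": "22.03.5100.11",   # CU5 hotfix
    "2402 LTSR": "24.02.1200.16",   # CU1 hotfix
}
_BUILD_RE = re.compile(r"\d+(\.\d+){3}")

def parse_build(text):
    """Return a 4-tuple of ints, or None if text is not a four-part build."""
    text = text.strip()
    if not _BUILD_RE.fullmatch(text):
        return None
    # Numeric fields: "22.03" equals "22.3", and 1000 sorts above 200.
    return tuple(int(part) for part in text.split("."))

def classify(branch, build):
    """Return 'vulnerable', 'fixed' or 'unknown' for one inventory entry."""
    fixed = FIXED_BUILDS.get(branch.strip())
    installed = parse_build(build)
    if fixed is None or installed is None:
        return "unknown"  # unlisted branch or unparsable build: check by hand
    # Assumption: any build at or above the listed hotfix contains the fix.
    return "vulnerable" if installed < parse_build(fixed) else "fixed"

def triage(inventory):
    """Map host -> status for rows of (host, branch, build)."""
    return {host: classify(branch, build) for host, branch, build in inventory}

# Constructed sample inventory: host names and builds are made up.
SAMPLE_INVENTORY = [
    ("host-01", "CR", "24.5.200.8"),
    ("host-02", "CR", "24.5.1000.2"),
    ("host-03", "2203 LTSR", "22.3.5000.4"),
    ("host-04", "2402 LTSR", "24.2.1200.16"),
    ("host-05", "1912 LTSR", "19.12.9100"),
    ("host-06", "unlisted", "1.2.3.4"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Entries reported as unknown are not cleared; they need a manual check against the vendor bulletin.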

Monitor/Detect

The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References