9621 Agnes Crossing, Lake Suzanneview, New Mexico Island 84604-9295.
Multiple sources report that two bugs at Citrix are still being actively exploited. You’re almost an old acquaintance now. Two flaws in Citrix products are still being exploited
Multiple sources report that two bugs at Citrix are still being actively exploited. You’re almost an old acquaintance now.
Two flaws in Citrix products are still being exploited by cybercriminals. However, the company has already released patches for these vulnerabilities.
The first bug in question received the code CVE-2023-24489. She scores a 9.8 on the CVSS scale, which is very serious. This vulnerability is found in ShareFile, a Citrix product for sharing, synchronizing or collaborating on files and content. The system is also used to store data on-premises or in the cloud.
These flaws allow attackers to remotely take control of the system’s memory zones. The vulnerability exists in all versions prior to release 5.11.24. Citrix has since published an overview with advice and updates. This only applies to companies that check their storage zones themselves. Whoever does this via the cloud does not have to take any steps. Meanwhile, CVE-2023-24489 has also landed on the radar of the US Cybersecurity and Infrastructure Security Agency.
We previously reported bug number two: CVE-2023-3519. This vulnerability affects Citrix Netscaler products ADC and Gateway, software for managing access to networks. Again, this still poses a serious threat, with a CVSS score of 9.8 as well.
Citrix released patches and advisories for this some time ago, along with those for two other bugs, but apparently administrators and other users still haven’t updated sufficiently. That means attackers can still execute malicious code remotely. It should come as no surprise that this error is also known to CISA.
It’s an anvil that we keep banging on until it wears off. We update your systems as soon as possible and whenever a new one is available. CISA has given affected US agencies until September 6 to fix patches and updates, but haste and urgency are good in such cases.
No system is watertight and vulnerabilities are always a possible reality. Companies like Citrix can offer advice and provide updates, but ultimately it’s the administrators and users who have to deal with it.
Source: IT Daily
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.
