Critical Remote Code Execution Vulnerability in Citrix ADC (CVE-2023-24492)

Advisory No: TZCERT/SA/2023/07/14-02

Date of First Release: 14^th July 2023

Source: Citrix

Software Affected: Citrix ADC

Overview:

Citrix has released security patches to address a critical vulnerability affecting the secure access client for Ubuntu. The vulnerability could allow an attacker to execute arbitrary code.

Description:

Citrix Secure Access client for Ubuntu is affected with remote code execution vulnerability. The vulnerability allows an elevated privilege access to the attacker with access to vulnerable client. A victim user must open an attacker-crafted link and accept further prompts.

Impact:

Successful exploitation of this vulnerability may allow the attacker to control of the affected system.

Solution:

Citrix has released patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

1. https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492
2. https://securityaffairs.com/148405/security/citrix-critical-flaw-secure-access-client-for-ubuntu.html
3. https://digital.nhs.uk/cyber-alerts/2023/cc-4353