Citrix Provisioning Security Bulletin CVE-2024-6150

Security Bulletin | Severity: Medium | Created: 09 Jul 2024 | Modified: 09 Jul 2024 | Status: Final

Applicable Products

  • Provisioning Services

Description of Problem

A vulnerability has been discovered that impacts Citrix Provisioning. See below for further details.

Affected Versions

The vulnerability affects the following supported versions of Citrix Provisioning:

Current Release (CR)

  • Citrix Provisioning versions before 2402 

Long Term Service Release (LTSR)

  • Citrix Provisioning versions before 2203 LTSR CU5
  • Citrix Provisioning versions before 1912 LTSR CU9

Summary

Citrix Provisioning contains the vulnerability described below:

  • CVE ID: CVE-2024-6150
  • Description: A non-admin user can cause short-term disruption in Target VM availability
  • Pre-requisites: An attacker must have access to the PVSboot.ini file
  • CWE: CWE-284: Improper Access Control
  • CVSS: CVSS v4.0 Base Score: 4.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)

What Customers Should Do

Citrix strongly recommends that customers upgrade their Citrix Provisioning to versions that contain the fixes as soon as possible.  

Citrix Provisioning versions that contain the fixes are: 

Current Release (CR)

  • Citrix Provisioning 2402 and later versions 

Long Term Service Release (LTSR)

  • Citrix Provisioning 2203 LTSR CU5 and later versions
  • Citrix Provisioning 1912 LTSR CU9 and later versions
