Citrix Workspace app for Mac Security Bulletin for CVE-2024-7549

Citrix Workspace app for Mac Security Bulletin for CVE-2024-7549

by | Okt 8, 2024 | ctx_workspace

Description of Problem

A vulnerability has been discovered in Citrix Workspace app for Mac, which, if exploited, may result in a session hijack of a user who is authenticated on cloud stores.

Affected Versions: 

The following supported versions of Citrix Workspace app for Mac are affected by the vulnerability: 
Citrix Workspace app for Mac before 2409


Summary: 

CVE ID    DescriptionPre-requisites    CWECVSS
CVE-2024-7549Possible  session hijack of a  user who is authenticated on cloud storeCitrix Workspace app authenticated user using cloud store may be impacted when:Accessing SaaS/Web appOR Accessing CVAD apps or desktops using Custom Workspace URLCWE-287: Improper AuthenticationCVSS v4.0 Base Score: 6.9(CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) 

What Customers Should Do

Cloud Software Group strongly urges affected customers of Citrix Workspace app for Mac to install the relevant updated versions of Citrix Workspace app for Mac as soon as possible: 

  • Citrix Workspace app for Mac 2409 and later

Track the CVE on the original Citrix article: https://support.citrix.com/s/article/CTX691484-citrix-workspace-app-for-mac-security-bulletin-for-cve20247549

Kein Citrix Push auf Android Devices

Kein Citrix Push auf Android Devices

by | Okt 7, 2024 | ALARM, ctx_adc

Aufgrund einer Umstellung vom GCM auf das FCM Protokoll (Firebase Cloud Messaging HTTP Protocol) ist ein Push für Android-Geräte welche vor dem 20. Juli 2024 registriert wurden nicht mehr möglich.

Betroffene Benutzer müssen sich neu ausrollen um wieder Push-Notifications zu erhalten. Es gibt auch keinen automatischen Migrationsweg.

Siehe Citrix Artikel:
https://support.citrix.com/s/article/CTX691804-migration-of-android-devices-registered-via-gcm-to-fcm?language=en_US

Migration of Android Devices registered via GCM to FCM

Title

Migration of Android Devices registered via GCM to FCM

CTX Number

CTX691804

Article Type

Problem Solution

Created Date

4/Oct/2024

Last Modified Date

4/Oct/2024

Symptoms or Error

There is no automatic update from Azure Notification Hub or Google Push Notification Service to migrate Android clients from the FCM legacy protocol to the latest FCMv1 protocol. As a result, affected users will need to manually re-register their devices with NetScaler Gateway. Please refer to the “Re-register your Android device” Section for detailed instructions on how to complete the re-registration.

Workaround: Users can fallback to the TOTP authentication method until their devices are re-registered.

Solution

In this article we are going to share how to Migrate Android Devices registered via GCM registration template to FCM registration template

Android devices registered for the Push Notification Service before July 20, 2024, will no longer receive push notifications from September 20 2024.

This change only affects Android devices registered with the NetScaler Push Solution and does not impact iPhone devices.

Android devices registered with the NetScaler solution on or after July 20, 2024, will not be affected by this change.

Re-register your Android device

Users are required to re-register their devices with NetScaler Gateway to enable push notification functionality. Please note that different organizations may have varying methods for accessing the registration FQDN. Therefore, affected users are advised to contact their respective administrators for assistance in reaching the correct registration FQDN. Below is a sample process for re-registration.

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 – Denial of Service

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 – Denial of Service

by | Jan 16, 2024 | ALARM, ctx_adc

Description of Problem

Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).

Affected Versions: 

The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities: 

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
  • NetScaler ADC 13.1-FIPS before 13.1-37.176
  • NetScaler ADC 12.1-FIPS before 12.1-55.302
  • NetScaler ADC 12.1-NDcPP before 12.1-55.302

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.

This bulletin only applies to customer-managed NetScaler ADC and NetScaler Gateway products. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take any action.

Summary: 

NetScaler ADC and NetScaler Gateway contain the vulnerabilities described below. 

CVE IDDescriptionPre-requisitesCWECVSS
CVE-2023-6548Authenticated (low privileged) remote code execution on Management InterfaceAccess to NSIP, CLIP or SNIP with management interface accessCWE-945.5
CVE-2023-6549Denial of ServiceAppliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual serverCWE-1198.2

Mitigating Factors

CVE- 2023- 6548 only impacts the management interface. Cloud Software Group strongly recommends that network traffic to the appliance’s management interface is separated, either physically or logically, from normal network traffic. In addition, we recommend that you do not expose the management interface to the internet, as explained in the secure deployment guide. Removing such exposure to the internet greatly reduces the risk of exploitation of this issue. See NetScaler secure deployment guide ( https://docs.citrix.com/en-us/citrix-adc/citrix-adc-secure-deployment/secure-deployment-guide.html) for more information.

What Customers Should Do

Exploits of these CVEs on unmitigated appliances have been observed. Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible. 

  • NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
  • NetScaler ADC and NetScaler Gateway  13.1-51.15 and later releases of 13.1
  • NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0  
  • NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS  
  • NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS  
  • NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP 

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL). Customers are recommended to upgrade their appliances to one supported version that addresses the vulnerabilities. 

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 – Denial of Service

ShareFile StorageZones Controller Security Update for CVE-2023-24489

by | Aug 18, 2023 | ALARM, ctx_adc, ctx_workspace

Description of Problem

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.

This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24.

This bulletin only applies to customer-managed ShareFile storage zones controllers. Customers using ShareFile-managed storage zones in the cloud do not need to take any action.

The issue has been given the following identifier: 

CVE IDAffected ProductsDescriptionPre-requisitesCWECVSS
CVE-2023-24489Citrix Content CollaborationImproper resource control allows unauthenticated remote compromiseNetwork access to the ShareFile storage zones controllerCWE-2849.1

What Customers Should Do

This issue has been addressed in the following versions of the customer-managed ShareFile storage zones controller:

  • ShareFile storage zones controller 5.11.24 and later versions

Customers are required to upgrade to the fixed version.  

The latest version of ShareFile storage zones controller is available from the following location:

https://www.citrix.com/downloads/sharefile/product-software/sharefile-storagezones-controller-511.html

Instructions for upgrading the Storage Zones Controller are here:

https://docs.sharefile.com/en-us/storage-zones-controller/5-0/upgrade.html

All customer-managed ShareFile storage zones controllers versions prior to the latest version 5.11.24 have been blocked to protect our customers. Customers will be able to reinstate the storage zones controller once the update to 5.11.24 is applied.

Customers should shut down any machine that was running an affected version of the storage zones controller software.

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 – Denial of Service

Citrix ADC NetScaler and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467

by | Jul 18, 2023 | ALARM, ctx_adc

Es wird empfohlen das Update sobald wie möglich einzuspielen!

Description of Problem

Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).

The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities: 

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13 
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13 
  • NetScaler ADC 13.1-FIPS before 13.1-37.159
  • NetScaler ADC 12.1-FIPS before 12.1-65.36 
  • NetScaler ADC 12.1-NDcPP before 12.65.36 

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.

This bulletin only applies to customer-managed NetScaler ADC and NetScaler Gateway. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take any action. 

CVE IDAffected ProductsDescriptionPre-requisitesCWECVSS
CVE-2023-3466Citrix ADCReflected Cross-Site Scripting (XSS)Requires victim to access an attacker-controlled link in the browser while being on a network with connectivity to the NSIPCWE-208.3
CVE-2023-3467Citrix ADCPrivilege Escalation to root administrator (nsroot)Authenticated access to NSIP or SNIP with management interface accessCWE-2698
CVE-2023-3519Citrix ADCUnauthenticated remote code executionAppliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual serverCWE-949.8

What Customers Should Do

Exploits of CVE-2023-3519 on unmitigated appliances have been observed. Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible. 

  • NetScaler ADC and NetScaler Gateway 13.1-49.13  and later releases
  • NetScaler ADC and NetScaler Gateway 13.0-91.13  and later releases of 13.0  
  • NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS  
  • NetScaler ADC 12.1-FIPS 12.1-65.36 and later releases of 12.1-FIPS  
  • NetScaler ADC 12.1-NDcPP 12.1-65.36 and later releases of 12.1-NDcPP 

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL). Customers are recommended to upgrade their appliances to one of the supported versions that address the vulnerabilities.