Ethical Hacking News
Citrix's Virtual Apps and Desktops solution has been hit with a new security vulnerability that allows attackers to gain unauthorized access to sensitive data and escalate privileges on the system. The vulnerability, identified as CVE-2024-8068, is considered serious and organizations should take immediate action to patch their systems.
Citrix has identified a severe security vulnerability in its Virtual Apps and Desktops (VAD) solution, CVE-2024-8068, with a CVSS score of 5.1.The vulnerability is a privilege escalation flaw that allows an attacker to access a NetworkService account without authentication.The issue lies in Citrix's Session Recording Manager feature, which uses Microsoft Message Queuing (MSMQ) service to send session recordings.Exploiting the vulnerability could allow an attacker to impersonate any user, including administrators, and monitor their behavior without being detected.Citrix has released a security advisory with hotfixes for affected versions of its software, but some researchers question the severity of the vulnerability.Security experts urge organizations to install the hotfixes and patch their systems immediately due to the release of exploit code for the vulnerability.
Citrix, a leading provider of virtualization software, has recently faced a serious security vulnerability that could compromise the integrity of its Virtual Apps and Desktops (VAD) solution. The vulnerability, identified as CVE-2024-8068 with a CVSS score of 5.1, is a privilege escalation flaw that allows an attacker to access a NetworkService account without authentication.
The vulnerability lies in Citrix's Session Recording Manager feature, which records video streams and keystrokes from user sessions. According to watchTowr, a researcher who discovered the vulnerability, the issue arises from the use of Microsoft Message Queuing (MSMQ) service to send session recordings to a centralized database. The MSMQ service allows two processes to communicate via a queue, but also introduces serialization issues that can be exploited by an attacker.
The primary concern with this vulnerability is that it allows an attacker to impersonate any user, including administrators, and monitor their behavior without being detected. This could lead to serious consequences for organizations that use Citrix VAD, as it would enable attackers to gain unauthorized access to sensitive data and potentially escalate privileges on the system.
Citrix has acknowledged the vulnerability and released a security advisory with hotfixes for affected versions of its software. However, the vendor's statement on the issue downplays the severity of the vulnerability, which has led some researchers to express skepticism about Citrix's assessment. watchTowr, the researcher who discovered the vulnerability, argues that it is much more severe than Citrix suggests.
"We're telling you this is not an unauthenticated RCE," said watchTowr spokesperson in a statement. "It is an authenticated RCE that can be done only as a NetworkService account."
The release of exploit code for the vulnerability has raised concerns among security experts, who are urging organizations to install the hotfixes and patch their systems immediately.
Citrix's decision to enable MSMQ over HTTP, despite the fact that it is typically disabled by default, has also been questioned. "Perhaps some developer accidentally enabled it, committed the code, and forgot about it," said watchTowr's Sina Kheirkhah. "We'll leave the root-cause-analysis to Citrix themselves."
In response to the vulnerability, Citrix plans to publish a blog later today outlining its position on the issue.
In conclusion, the Citrix Virtual Apps and Desktops vulnerability is a serious security threat that could compromise the integrity of enterprise networks. Organizations that use this solution need to take immediate action to patch their systems and install hotfixes to prevent potential attacks.
Related Information:
https://go.theregister.com/feed/www.theregister.com/2024/11/12/http_citrix_vuln/
https://nvd.nist.gov/vuln/detail/CVE-2024-8068
https://www.cvedetails.com/cve/CVE-2024-8068/
Published: Tue Nov 12 12:44:58 2024 by llama3.2 3B Q4_K_M
