A significant vulnerability, tracked as CVE-2024-3902, has been found in Citrix uberAgent, a monitoring tool for Citrix platforms. This flaw could allow attackers with network access to escalate their privileges, posing a severe risk to organizations running affected software versions. Citrix has issued an advisory urging customers to update their software to version 7.1.2 or later immediately to mitigate this risk.
The vulnerability affects Citrix uberAgent versions before 7.1.2 and arises only in specific configurations. It allows attackers to abuse uberAgent's data collection features, leading to possible privilege escalation. The vulnerable condition exists when the configuration contains at least one CitrixADC_Config entry together with one or more of the CitrixADCPerformance, CitrixADCvServer, CitrixADCGateways, or CitrixADCInventory metrics. Additionally, for uberAgent versions 7.0 through 7.1.1, the vulnerability is also triggered if WmiProvider is set to PowerShell and at least one CitrixSession metric is configured.
Citrix recommends that customers using affected versions update to 7.1.2 or later immediately. If an update isn't possible, Citrix suggests disabling all Citrix ADC metrics by removing the corresponding timer properties, and changing the WmiProvider setting from PowerShell to WMIC (or ensuring it is not configured at all). These steps reduce the risk of exploitation until the software can be updated.
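To show how the advisory's conditions and interim workaround translate into a concrete configuration check, here is an added audit script; it is example code written for this article, not Citrix's or uberAgent's own tooling. It assumes an INI-style uberAgent.conf where Citrix ADC connection details sit in a [CitrixADC_Config] stanza, metrics are enabled inside [Timer] stanzas as "MetricName = true", and WmiProvider is a key in a [Miscellaneous] stanza; the layout of the sample file and those key placements are assumptions, only the identifiers named in the advisory are taken from it.

```python
"""Audit an uberAgent config for the CVE-2024-3902 conditions in Citrix's
advisory and emit a mitigated copy applying the documented workaround.

ASSUMED (not stated in the advisory): INI-style [Stanza] / 'Key = Value'
layout, metrics enabled as '<Metric> = true' inside [Timer] stanzas, and
WmiProvider living in a [Miscellaneous] stanza.
"""
import re
from typing import Dict, List, Set, Tuple

# Identifiers taken from the advisory text
ADC_METRICS = {"CitrixADCPerformance", "CitrixADCvServer",
               "CitrixADCGateways", "CitrixADCInventory"}
SESSION_METRICS = {"CitrixSession"}
FIXED_VERSION = (7, 1, 2)          # first fixed release
WMI_COND_MIN = (7, 0)              # WmiProvider condition applies from 7.0

# Constructed sample config (not a real deployment)
SAMPLE_CONF = """\
[CitrixADC_Config]
Server = adc.example.internal
Username = monitor
Password = placeholder

[Timer]
Name = Citrix ADC performance
Interval = 60000
CitrixADCPerformance = true
CitrixADCvServer = true

[Timer]
Name = Session details
Interval = 120000
CitrixSession = true

[Miscellaneous]
WmiProvider = PowerShell
"""


def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in v.split("."))


def parse_conf(text: str) -> List[Tuple[str, Dict[str, str]]]:
    """Parse INI-like text into an ordered list of (stanza, {key: value}).
    A list is used because stanza names repeat (several [Timer] blocks)."""
    stanzas: List[Tuple[str, Dict[str, str]]] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = (m.group(1), {})
            stanzas.append(current)
        elif current is not None and "=" in line:
            k, v = line.split("=", 1)
            current[1][k.strip()] = v.strip()
    return stanzas


def enabled_metrics(stanzas) -> Set[str]:
    """Metric keys set to 'true' in any [Timer] stanza."""
    return {k for name, kv in stanzas if name == "Timer"
            for k, v in kv.items() if v.lower() == "true"}


def find_exposure(version: str, text: str) -> List[str]:
    """Return the advisory conditions this version/config combination matches."""
    ver = parse_version(version)
    if ver >= FIXED_VERSION:
        return []                                  # fixed release, nothing to flag
    stanzas = parse_conf(text)
    metrics = enabled_metrics(stanzas)
    reasons = []
    has_adc_config = any(name == "CitrixADC_Config" for name, _ in stanzas)
    adc_hits = sorted(metrics & ADC_METRICS)
    if has_adc_config and adc_hits:
        reasons.append("CitrixADC_Config present with ADC metrics enabled: "
                       + ", ".join(adc_hits))
    wmi = next((kv["WmiProvider"] for _, kv in stanzas if "WmiProvider" in kv), None)
    if ver >= WMI_COND_MIN and wmi and wmi.lower() == "powershell" \
            and metrics & SESSION_METRICS:
        reasons.append("WmiProvider = PowerShell with a CitrixSession metric (7.0 - 7.1.1)")
    return reasons


def mitigate(text: str) -> str:
    """Interim workaround from the advisory: drop the ADC metric properties
    and switch WmiProvider from PowerShell to WMIC. Other lines are kept."""
    out = []
    for raw in text.splitlines():
        stripped = raw.strip()
        key = stripped.split("=", 1)[0].strip() if "=" in stripped else None
        if key in ADC_METRICS:
            continue                                # remove the timer property
        if key == "WmiProvider":
            out.append("WmiProvider = WMIC")
            continue
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for reason in find_exposure("7.1.1", SAMPLE_CONF):
        print("EXPOSED:", reason)
    print(mitigate(SAMPLE_CONF))
```

Running it on the constructed sample with version 7.1.1 reports both advisory conditions; after mitigate() the same config reports none, and any version 7.1.2 or later is skipped outright since the fix, not the workaround, is the intended remedy.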
Customers should download and install the updated version of Citrix uberAgent from the company's website. Citrix has set up support channels for technical assistance and encourages customers to subscribe to security alerts to stay informed about any new security bulletins.
Citrix is working closely with customers and channel partners to resolve this issue. The company thanks Daniel Bachmann of Raiffeisen Schweiz for identifying the vulnerability, and emphasizes the importance of collaborative security efforts. Citrix encourages customers to report any other potential security issues to ensure a swift response.
This vulnerability underscores the importance of regularly updating software to maintain security. Organizations using Citrix uberAgent should act swiftly to protect their systems by updating to the latest version or applying the recommended mitigation measures.
Hifza Eman
Content Writer
KaiRiz Cyber Technologies (SMC-Private Limited)