CVE-2023-24492: Code Injection
First published: Tue Jul 11 2023(Updated: )
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
Credit: secure@citrix.com secure@citrix.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix Secure Access client | <23.5.2 | |
| Canonical Ubuntu Linux |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-24492?
CVE-2023-24492 is a vulnerability discovered in the Citrix Secure Access client for Ubuntu, which could allow remote code execution.
How does CVE-2023-24492 work?
CVE-2023-24492 can be exploited when a victim user opens an attacker-crafted link and accepts further prompts, allowing the attacker to remotely execute code.
What is the severity of CVE-2023-24492?
CVE-2023-24492 has a severity rating of critical with a CVSS score of 8.8.
What versions of Citrix Secure Access client for Ubuntu are affected?
Versions up to exclusive 23.5.2 of Citrix Secure Access client for Ubuntu are affected by CVE-2023-24492.
How can I fix CVE-2023-24492?
To fix CVE-2023-24492, update your Citrix Secure Access client for Ubuntu to a version higher than 23.5.2.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/event
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/severity
- agent/references
- agent/weakness
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/citrix
- canonical/citrix secure access client
- vendor/canonical
- canonical/canonical ubuntu linux