November 15, 2023 at 02:32PM
Citrix has released hotfixes for two vulnerabilities affecting Citrix Hypervisor. One of the vulnerabilities, known as “Reptar,” affects Intel CPUs and can lead to system instability, crashes, or privilege escalation. The other vulnerability allows malicious code in a guest virtual machine to compromise an AMD-based host. Instructions on applying the hotfix can be found on Citrix’s Knowledge Center webpage.
Key Takeaways:
1. Citrix has released hotfixes for two vulnerabilities affecting Citrix Hypervisor. One of them is “Reptar,” a high-severity flaw that affects Intel CPUs in desktop and server systems.
2. The first vulnerability, tracked as CVE-2023-23583, impacts ‘Ice Lake’ (2019) and later processor generations. It is known as a ‘Redundant Prefix Issue’ and may lead to system instability, crashes, or privilege escalation.
3. Intel released microcode to correct the problem and recommends an immediate update. However, the probability of real-world exploitation of this vulnerability is low.
4. The second vulnerability, CVE-2023-46835, affects Citrix Hypervisor 8.2 CU1 LTSR. Malicious code in a guest virtual machine can exploit it to compromise an AMD-based host through a passed-through PCI device.
5. The hotfixes address both vulnerabilities, and instructions on how to apply them can be found on the Citrix Knowledge Center webpage.