Citrix warns admins to manually mitigate PuTTY SSH client bug

May 9, 2024 at 03:31PM

Citrix warned customers about a PuTTY SSH client vulnerability affecting XenCenter, allowing attackers to steal an admin’s private SSH key. The flaw, tracked as CVE-2024-31497, impacts multiple XenCenter versions for Citrix Hypervisor 8.2. The PuTTY component has been removed in XenCenter 8.2.6, and customers are advised to download the latest PuTTY version. CISA also ordered patching for other Citrix vulnerabilities.

The key points are:

1. Citrix notified customers about a PuTTY SSH client vulnerability impacting XenCenter for Citrix Hypervisor 8.2 CU1 LTSR.
2. The vulnerability, identified as CVE-2024-31497, allows attackers to steal a XenCenter admin’s private SSH key when using the “Open SSH Console” functionality.
3. Citrix has removed the PuTTY third-party component from XenCenter starting with version 8.2.6, and any versions after 8.2.7 will no longer include it.
4. Admins can mitigate the vulnerability by downloading the latest version of PuTTY and installing it in place of the version bundled with older XenCenter releases.
5. Customers who do not want to use the “Open SSH Console” functionality may remove the PuTTY component completely, while those who wish to maintain its usage should replace it with an updated version (with a version number of at least 0.81).
6. CISA ordered U.S. federal agencies to patch previous Citrix Netscaler vulnerabilities (CVE-2023-6548 and CVE-2023-6549) one day after Citrix warned they were actively exploited as zero-days.
7. A critical Netscaler flaw (CVE-2023-4966, dubbed Citrix Bleed) was exploited as a zero-day by multiple hacking groups to breach government organizations and high-profile tech companies before being patched in October.
8. The Health Sector Cybersecurity Coordination Center (HHS’ cybersecurity team) issued a sector-wide alert warning health organizations to secure NetScaler ADC and NetScaler Gateway instances against surging ransomware attacks.
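To support the mitigation in points 4 and 5, the following added example (not from Citrix or the original article) inventories every `putty.exe` under a folder and flags copies older than 0.81. The `-SearchRoot` parameter and the function name are assumptions for illustration; point it at the XenCenter installation directory on the admin workstation.

```powershell
# Added example: find putty.exe copies and flag builds below the 0.81 minimum.
param(
    # Assumption: folder to search, e.g. the XenCenter installation directory.
    [Parameter(Mandatory = $true)]
    [string]$SearchRoot
)

# Minimum PuTTY release named in the advisory summary.
$MinimumVersion = [version]'0.81'

function Get-PuttyVersionStatus {
    param([System.IO.FileInfo]$File)

    $info = $File.VersionInfo
    # Numeric major.minor from the PE version resource (0.0 when absent).
    $found = [version]::new($info.FileMajorPart, $info.FileMinorPart)

    if ([string]::IsNullOrEmpty($info.FileVersion) -and $found -eq [version]'0.0') {
        $status = 'NoVersionInfo'      # cannot be verified, review by hand
    }
    elseif ($found -lt $MinimumVersion) {
        $status = 'BelowMinimum'       # replace or remove this copy
    }
    else {
        $status = 'OK'
    }

    [pscustomobject]@{
        Path    = $File.FullName
        Version = $found.ToString()
        Label   = $info.FileVersion    # human-readable version string, if present
        Status  = $status
    }
}

$results = Get-ChildItem -Path $SearchRoot -Filter 'putty.exe' -Recurse -File `
               -ErrorAction SilentlyContinue |
           ForEach-Object { Get-PuttyVersionStatus -File $_ }

if (-not $results) {
    Write-Output "No putty.exe found under $SearchRoot"
    exit 0
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a management tool flag hosts that still need action.
if ($results | Where-Object { $_.Status -ne 'OK' }) { exit 1 } else { exit 0 }
```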
