ISN 2023-12: Citrix Secure Access Client

Updated 28. August 2023 (releases with fix added)

First published 17 July 2023

CVSS 3.1: 9.6 (Critical)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

A vulnerability was discovered in the Citrix Secure Access client, which affects the following IGEL products:

• IGEL OS 12
• IGEL OS 11

Details

Citrix Secure Access client is the client software that allows access to corporate data and applications through Citrix ADC. Versions before 23.5.2 are vulnerable to remote code execution when a user opens an attacker-crafted link and accepts further prompts. This vulnerability is classified as critical (9.6 score) and is being tracked as CVE-2023-24492.

Update Instructions

• OS 12: Update the Citrix Gateway EPA client app to version 23.6.2 BUILD 2.0
• OS 11: Update to OS 11.09.100 (available in September 2023)

References

• Citrix’s Security Bulletin: https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492