Citrix Session Recording Security Bulletin for CVE-2023-6184

book

Article ID: CTX583930

calendar_today

Updated On:

Description

A vulnerability has been discovered in Citrix Session Recording, which, if exploited, may result in an authenticated user being able to perform an RCE.

Affected Versions:

The following supported versions of Citrix Session Recording are affected by the vulnerability:

Current Release (CR)

Citrix Virtual Apps and Desktops before 2311

Long Term Service Release (LTSR)

Citrix Virtual Apps and Desktops 1912 LTSR before CU8 hotfix 19.12.8100.4
Citrix Virtual Apps and Desktops 2203 LTSR before CU4

Summary:

CVE ID	Description	Pre-requisites	CWE
CVE-2023-6184	An authenticated user can perform RCE	Attacker must possess admin privileges to the Session Recording server	CWE-913

Instructions

Cloud Software Group strongly urges affected customers of Citrix Session Recording to install the relevant updated versions of Citrix Session Recording as soon their upgrade schedule permits:

Current Release (CR)

Citrix Virtual Apps and Desktops 2311 and later

Long Term Service Release (LTSR)

Citrix Virtual Apps and Desktops 1912 LTSR CU8 hotfix 19.12.8100.4* and later
Citrix Virtual Apps and Desktops 2203 LTSR CU4 and later

Please use the following link for downloading the builds: https://www.citrix.com/downloads/

* Citrix Virtual Apps and Desktops 1912 LTSR CU8 hotfix 19.12.8100.4 is available to download at the following link: https://support.citrix.com/article/CTX587280

Acknowledgements

Cloud Software Group thanks Adam Kues and Shubham Shah of Assetnote for working with us to protect Cloud Software Group customers.

What Citrix is Doing

Citrix is notifying customers and channel partners about this potential security issue through the publication of this security bulletin on the Citrix Knowledge Center at https://support.citrix.com/securitybulletins.

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.

Subscribe to Receive Alerts

Citrix strongly recommends that all customers subscribe to receive alerts when a Citrix security bulletin is created or modified at https://support.citrix.com/user/alerts.

Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For details on our vulnerability response process and guidance on how to report security-related issues to Citrix, please see the following webpage: https://www.citrix.com/about/trust-center/vulnerability-process.html.

Disclaimer

This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. Citrix reserves the right to change or update this document at any time. Customers are therefore recommended to always view the latest version of this document directly from the Citrix Knowledge Center.

Additional Information

2024-01-16 T 17:00:00Z	Initial Publication
2024-01-16 T 17:00:00Z	Added direct link to download the builds
2024-07-13 T 15:30:00Z	Platform migration

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"