Citrix Virtual Apps and Desktops: Questions regarding CVE-2024-2658

Article ID: CTX695108

Updated On:

Description

Citrix is not vulnerable to CVE-2024-2658, because the license servers do not use lmadmin.exe.

Issue/Introduction

Flexera has released a public article regarding CVE-2024-2658. Quoted from the article:

A potential vulnerability has been identified in FlexNet Publisher affecting versions prior to 2024 R1 (11.19.6.0). This issue may allow local privilege escalation due to an uncontrolled search path element. We advise customers to upgrade their FlexNet Publisher lmadmin.exe and FlexNet Publisher to version 2024 R1 (11.19.6.0) where this issue has been resolved.

Producers potentially affected by this issue include:

1. Producers using lmadmin.exe prior to version 2024 R1 are affected by this vulnerability.
2. Producers utilizing the vendor daemon with secure communications (TLS communications) enabled prior to FlexNet Publisher version 2024 R1 are affected by this vulnerability.

Additional Information

Flexera Public Statement:

  • https://community.flexera.com/s/article/cve-2024-2658-flexnet-publisher-potential-local-privilege-escalation-issue