CVE-2023-24488 Report - Details, Severity, & Advisories

Twingate Tea

May 13, 2024

CVE-2023-24488 is a medium-severity cross-site scripting vulnerability affecting Citrix ADC and Citrix Gateway systems. This security issue allows attackers to perform cross-site scripting on certain versions of these systems, specifically those configured as a Gateway or AAA virtual server. To protect your systems, it's essential to update to the latest software versions and follow the recommended mitigation steps.

How do I know if I'm affected?

To determine if you're affected by the CVE-2023-24488 vulnerability, you'll need to check if your system is running Citrix Gateway or Citrix Application Delivery Controller. Affected versions include Citrix Gateway 12.1 up to 12.1-65.35, 13.0 up to 13.0-90.11, and 13.1 up to 13.1-45.61. For Citrix Application Delivery Controller, impacted versions range from 12.1 up to 12.1-65.35 (for non-FIPS and non-NDCPP configurations), 12.1 up to 12.1-55.296 (for FIPS and NDCPP configurations), 13.0 up to 13.0-90.11, and 13.1 up to 13.1-45.61. Additionally, your appliance must be configured as a Gateway or AAA virtual server.
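The version and configuration check described above can be scripted. The following is an added example, not code from Twingate or Citrix: the function names, the banner format it parses, and the reading of "up to X" as "builds older than X" are assumptions, while the version bounds are the ones listed on this page.

```python
import re

# Upper bounds copied from the page, keyed by (release branch, FIPS/NDcPP build?).
# Assumption: "up to X" is read as "builds older than X", i.e. X itself is not affected.
AFFECTED_BEFORE = {
    ("12.1", False): (65, 35),
    ("12.1", True): (55, 296),
    ("13.0", False): (90, 11),
    ("13.1", False): (45, 61),
}

# Accepts "13.1-45.61" or a banner such as "NS13.1: Build 45.61.nc" (format assumed).
_VERSION_RE = re.compile(r"(\d+\.\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)")


def parse_build(text):
    """Return (branch, (build_major, build_minor)) or raise ValueError."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no ADC/Gateway build found in {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def is_affected(version_text, gateway_or_aaa, fips_or_ndcpp=False):
    """Apply both conditions from the page: build in range AND Gateway/AAA role.

    Returns None when the branch is not one the page lists, so unknown
    releases are flagged for manual review instead of being reported as safe.
    """
    branch, build = parse_build(version_text)
    if not gateway_or_aaa:
        return False  # the page requires a Gateway or AAA virtual server
    bound = AFFECTED_BEFORE.get((branch, fips_or_ndcpp))
    if bound is None:
        return None
    # Tuple comparison is numeric, so build 65.9 sorts below 65.35 as it should.
    return build < bound


if __name__ == "__main__":
    # Constructed inventory rows: (version string, Gateway/AAA?, FIPS/NDcPP?)
    for row in [("NetScaler NS13.1: Build 45.59.nc", True, False),
                ("12.1-65.9", True, False),
                ("12.1-60.0", True, True),
                ("13.0-88.1", False, False)]:
        print(row[0], "->", is_affected(*row))
```
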

What should I do if I'm affected?

If you're affected by the CVE-2023-24488 vulnerability, promptly update your Citrix ADC or Citrix Gateway to the latest version. This will help protect your system from potential security issues. For further assistance, contact Citrix Technical Support.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-24488 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. It is a cross-site scripting issue in Citrix ADC and Citrix Gateway, published in the National Vulnerability Database on July 10, 2023. There is no specified due date or required action provided, but updating to the latest software version is recommended to mitigate potential security risks.

Weakness enumeration

The weakness enumeration for this vulnerability is CWE-79, which involves improper neutralization of input during web page generation, leading to cross-site scripting issues in Citrix ADC and Citrix Gateway systems.

For more details

CVE-2023-24488 is a cross-site scripting vulnerability in Citrix ADC and Citrix Gateway systems, with a medium severity rating. For a comprehensive understanding of this vulnerability, including its technical details and affected software configurations, refer to the NVD or the resources listed below.
