Citrix Provisioning Security Bulletin CVE-2024-6150

Jeff Silverman

Description of Problem

A vulnerability has been discovered that impacts Citrix Provisioning. See below for further details.

Affected Versions

The vulnerability affects the following supported versions of Citrix Provisioning:

Current Release (CR)

  • Citrix Provisioning versions before 2402

Long Term Service Release (LTSR)

  • Citrix Provisioning versions before 2203 LTSR CU5
  • Citrix Provisioning versions before 1912 LTSR CU9

Summary

Citrix Provisioning contains the vulnerability described below:

  • CVE-ID: CVE-2024-6150
  • Description: A non-admin user can cause short-term disruption in Target VM availability
  • Pre-Requisites: An attacker must have access to the PVSboot.ini file
  • CWE: CWE-284: Improper Access Control
  • CVSS: CVSS v4.0 Base Score: 4.8

What Customers Should Do

Citrix strongly recommends that customers upgrade their Citrix Provisioning to versions that contain the fixes as soon as possible.

Citrix Provisioning versions that contain the fixes are:

Current Release (CR)

  • Citrix Provisioning 2402 and later versions

Long Term Service Release (LTSR)

  • Citrix Provisioning 2203 LTSR CU5 and later versions
  • Citrix Provisioning 1912 LTSR CU9 and later versions

More information

https://support.citrix.com/article/CTX678025/citrix-provisioning-security-bulletin-cve20246150

For assistance from the Kraft Kennedy team, please contact us.