Citrix Session Recording Security Bulletin for CVE-2023-6184
Issue
A vulnerability has been discovered in Citrix Session Recording which, if exploited, may allow an authenticated user to perform remote code execution (RCE).
| CVE-ID | Description | Pre-Requisites | CWE | CVSS |
| --- | --- | --- | --- | --- |
| CVE-2023-6184 | An authenticated user can perform RCE | Attacker must possess admin privileges to the Session Recording server | CWE-913 | 5 |
Additional Information
The following supported versions of Citrix Session Recording are affected by the vulnerability:
Current Release (CR)
- Citrix Virtual Apps and Desktops before 2311
Long Term Service Release (LTSR)
- Citrix Virtual Apps and Desktops 1912 LTSR before CU8 hotfix 19.12.8100.4
- Citrix Virtual Apps and Desktops 2203 LTSR before CU4
Recommended Action
Cloud Software Group strongly urges affected customers of Citrix Session Recording to install the relevant updated versions of Citrix Session Recording as soon as their upgrade schedule permits:
Current Release (CR)
- Citrix Virtual Apps and Desktops 2311 and later
Long Term Service Release (LTSR)
- Citrix Virtual Apps and Desktops 1912 LTSR CU8 hotfix 19.12.8100.4* and later
- Citrix Virtual Apps and Desktops 2203 LTSR CU4 and later
Please use this link for downloading the builds:
* Citrix Virtual Apps and Desktops 1912 LTSR CU8 hotfix 19.12.8100.4 is available to download here.
More information
For assistance from the Kraft Kennedy team, please contact us.