• Insights

Cloud Software Group Security Advisory for CVE-2024-3661

Jeff Silverman

< 1 min read

All Insights

Cloud Software Group Security Advisory for CVE-2024-3661

Advisory

Cloud Software Group has evaluated the impact of vulnerability CVE-2024-3661 on our products. This vulnerability may allow an attacker on the same local network as the victim to read, disrupt, or modify network traffic expected to be protected by the VPN.

Please find below the impact status:

Citrix Secure Access client for Windows
  • Status: Not impacted
Citrix Secure Access client for Android
  • Status: Not impacted
Citrix Secure Access client for Linux
  • Status: Impacted – A fix addressing this issue will be released in an upcoming release.
Citrix Secure Access client for Mac/iOS
  • Customers using MDM (Mobile Device Management):
    • Status: Impacted
    • Recommendation:
      • Install the latest update listed below as soon as possible to reduce the risk of exploitation: 24.06.1
      • AND
      • set ‘EnforceRoutes’ to ‘1’ in the managed VPN configuration
      • Mitigating factors/Workaround:
        • Configure the settings listed below to reduce the risk of exploitation:
        • set ‘EnforceRoutes’ to ‘1’ in the managed VPN configuration and Local LAN access to ‘OFF’ on the Gateway
  • Customers not using MDM (Mobile Device Management):
    • Status: Impacted
    •  Recommendation:
      • Install the latest update listed below as soon as possible to reduce the risk of exploitation: 24.06.1
    • Mitigating factors/Workaround:
        • Configure the settings listed below to reduce the risk of exploitation:
          • set Local LAN access to ‘OFF’ on the Gateway
More information

Security Lockhttps://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661

For assistance from the Kraft Kennedy team, please contact us.