Title

Multiple Vulnerabilities in Citrix Access Gateway Plug-in for Windows (Cat II impact)

Discussion

Citrix has addressed multiple vulnerabilities affecting the ActiveX based component of the Access Gateway Enterprise Edition Plug-in for Windows. The Citrix Access Gateway Plug-in for Windows provides secure remote access to virtual desktops and applications. To exploit these vulnerabilities, a remote attacker would entice a user to view a malicious webpage. If successfully exploited, these vulnerabilities would allow a remote attacker to execute arbitrary code in the context of the affected application that uses the ActiveX control.

Check Content

See IAVM notice and vendor bulletin for additional information. Vulnerable Applications/Systems: Citrix Access Gateway Enterprise Edition Plug-in for Windows 10.0 prior to 10.0-69.4 Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.3 prior to 9.3-57.5 Verify the application's version number by using Help, About or similar menu selections. Ensure the Application/System version is at least the version listed below. Citrix Access Gateway Enterprise Edition Plug-in for Windows 10.0 to 10.0-69.4 or later Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.3 to 9.3-57.5 or later Windows - Alternately, verify the version through the Support information link for the program in Add or Remove Programs or Programs and Features (Vista Forward). To expose the version column in Programs and Features right click somewhere in the column headers, select More and select Version.

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-33661

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.