• Insights

Citrix Session Recording Security Bulletin for CVE-2023-6184

Jeff Silverman

< 1 min read

All Insights

Citrix Session Recording Security Bulletin for CVE-2023-6184

Issue

A vulnerability has been discovered in Citrix Session Recording, which, if exploited, may result in an authenticated user being able to perform an RCE.

CVD-ID Description Pre-Requisites CWE CVSS
CVE-2023-6184 An authenticated user can perform RCE Attacker must possess admin privileges to the Session Recording server CWE-913 5
Additional Information

The following supported versions of Citrix Session Recording are affected by the vulnerability:

Current Release (CR)

  • Citrix Virtual Apps and Desktops before 2311

Long Term Service Release (LTSR)

  • Citrix Virtual Apps and Desktops 1912 LTSR before CU8 hotfix 19.12.8100.4
  • Citrix Virtual Apps and Desktops 2203 LTSR before CU4
Recommended Action

Cloud Software Group strongly urges affected customers of Citrix Session Recording to install the relevant updated versions of Citrix Session Recording as soon their upgrade schedule permits:

Current Release (CR)

  • Citrix Virtual Apps and Desktops 2311 and later

Long Term Service Release (LTSR)

  • Citrix Virtual Apps and Desktops 1912 LTSR CU8 hotfix 19.12.8100.4* and later
  • Citrix Virtual Apps and Desktops 2203 LTSR CU4 and later

Please use this link for downloading the builds:

* Citrix Virtual Apps and Desktops 1912 LTSR CU8 hotfix 19.12.8100.4 is available to download here.

More information

https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184

For assistance from the Kraft Kennedy team, pleaseĀ contact us.