HomeWinBuzzer NewsCitrix: Update XenCenter to Address PuTTY SSH Vulnerability

Citrix: Update XenCenter to Address PuTTY SSH Vulnerability

The flaw could be exploited under certain conditions, allowing an attacker with control over a guest VM to deduce the SSH private key.


Citrix has issued a warning to its users about a significant vulnerability in the PuTTY SSH client bundled with XenCenter for Citrix Hypervisor 8.2 CU1 LTSR, which could potentially allow attackers to access private SSH keys of XenCenter administrators. The vulnerability, identified as CVE-2024-31497, affects several versions of XenCenter that use PuTTY for SSH connections to guest VMs. Citrix recommends that users update or remove the compromised PuTTY component to mitigate the risk.

Details of the Vulnerability

The vulnerability arises from the method older versions of the PuTTY SSH client use to generate ECDSA nonces for the NIST P-521 curve, a key process in authentication. This flaw could potentially be exploited, under specific conditions, to allow an attacker with control over a guest VM to deduce the SSH private key of a XenCenter administrator. The issue was discovered by researchers Fabian Bäumer and Marcus Brinkmann from Ruhr University Bochum.

Mitigation and Recommendations

In response to this security issue, Citrix has eliminated the PuTTY third-party component from XenCenter starting with version 8.2.6, and subsequent versions from 8.2.7 onwards no longer include it. For users operating affected versions, Citrix advises downloading the latest version of PuTTY and installing it to replace the bundled version in older XenCenter releases. Alternatively, customers who do not use the “Open SSH Console” feature can completely remove the PuTTY component. Citrix stresses the importance of updating to at least version 0.81 of PuTTY to maintain security.

In the broader context, Citrix has also been addressing other security vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) required federal agencies to patch specific vulnerabilities in Citrix Netscaler that were actively being exploited. Additionally, a critical flaw in Netscaler, known as Citrix Bleed, was used by various hacking groups in attacks against government entities and major , underscoring the persistent challenges facing Citrix products and services.

Markus Kasanmascheff
Markus Kasanmascheff
Markus is the founder of WinBuzzer and has been playing with Windows and technology for more than 25 years. He is holding a Master´s degree in International Economics and previously worked as Lead Windows Expert for Softonic.com.