Citrix has issued a warning to its users about a significant vulnerability in the PuTTY SSH client bundled with XenCenter for Citrix Hypervisor 8.2 CU1 LTSR, which could potentially allow attackers to access private SSH keys of XenCenter administrators. The vulnerability, identified as CVE-2024-31497, affects several versions of XenCenter that use PuTTY for SSH connections to guest VMs. Citrix recommends that users update or remove the vulnerable PuTTY component to mitigate the risk.
Details of the Vulnerability
The vulnerability arises from the method older versions of the PuTTY SSH client use to generate ECDSA nonces for the NIST P-521 curve, a key process in authentication. This flaw could potentially be exploited, under specific conditions, to allow an attacker with control over a guest VM to deduce the SSH private key of a XenCenter administrator. The issue was discovered by researchers Fabian Bäumer and Marcus Brinkmann from Ruhr University Bochum.
We found a critical vulnerability in #PuTTY SSH client with NIST P-521 keys, that allows private key recovery from only 60 signatures, CVE-2024-31497! If you use #Putty or #Filezilla with ECDSA P-521, upgrade now and generate a new key! Joint work with @TrueSkrillor, details ⬇️
— Marcus Brinkmann (@lambdafu) April 15, 2024
Mitigation and Recommendations
In response to this security issue, Citrix has eliminated the PuTTY third-party component from XenCenter starting with version 8.2.6, and subsequent versions from 8.2.7 onwards no longer include it. For users operating affected versions, Citrix advises downloading the latest version of PuTTY and installing it to replace the bundled version in older XenCenter releases. Alternatively, customers who do not use the “Open SSH Console” feature can completely remove the PuTTY component. Citrix stresses the importance of updating to at least version 0.81 of PuTTY to maintain security.
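Because only ECDSA keys on NIST P-521 are affected, administrators also need to know which of their keys fall under the "generate a new key" advice. The following script is an added example for this article (not Citrix's or PuTTY's code): it parses OpenSSH public-key lines, decodes the SSH wire format of the key blob so the curve is read from the key material rather than trusting the label, and flags P-521 keys for rotation. The sample keys it builds are constructed for testing, not real administrator keys.

```python
"""Flag SSH public keys affected by CVE-2024-31497 (ECDSA over NIST P-521).
Added example; parses OpenSSH key lines and the SSH wire encoding of the blob."""
import base64
import struct

P521_POINT_LEN = 1 + 2 * 66  # uncompressed point: 0x04 || X (66 B) || Y (66 B)


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string' (uint32 big-endian length + body)."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(blob: bytes, offset: int):
    """Decode one SSH wire 'string' at offset; returns (body, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string body")
    return blob[offset + 4:end], end


def key_curve(line: str):
    """Return the curve name taken from an ECDSA key's blob, or None if the
    line is not a plain ECDSA key. Leading authorized_keys options are skipped;
    certificate keys (*-cert-v01@openssh.com) use another layout and are skipped."""
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):
        if not tok.startswith("ecdsa-sha2-") or tok.endswith("@openssh.com"):
            continue
        blob = base64.b64decode(tokens[i + 1], validate=True)
        key_type, off = _read_ssh_string(blob, 0)   # e.g. b"ecdsa-sha2-nistp521"
        curve, off = _read_ssh_string(blob, off)    # e.g. b"nistp521"
        point, _ = _read_ssh_string(blob, off)      # uncompressed EC point
        if key_type.decode() != tok:
            raise ValueError("key type label does not match blob contents")
        if curve == b"nistp521" and (len(point) != P521_POINT_LEN or point[0] != 4):
            raise ValueError("malformed P-521 point encoding")
        return curve.decode()
    return None


def needs_rotation(line: str) -> bool:
    """True for P-521 ECDSA keys: signatures made with them by PuTTY < 0.81 may leak the key."""
    return key_curve(line) == "nistp521"


def sample_line(curve: str, point_len: int, comment: str) -> str:
    """Build a constructed (not real) public-key line with a dummy point, for testing."""
    blob = (_ssh_string(f"ecdsa-sha2-{curve}".encode()) + _ssh_string(curve.encode())
            + _ssh_string(b"\x04" + b"\x11" * (point_len - 1)))
    return f"ecdsa-sha2-{curve} {base64.b64encode(blob).decode()} {comment}"
```

Run `needs_rotation()` over each line of an `authorized_keys` or `known_hosts` file to list the keys that must be replaced after upgrading PuTTY.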
In the broader context, Citrix has also been addressing other security vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) required federal agencies to patch specific vulnerabilities in Citrix Netscaler that were actively being exploited. Additionally, a critical flaw in Netscaler, known as Citrix Bleed, was used by various hacking groups in attacks against government entities and major tech companies, underscoring the persistent cybersecurity challenges facing Citrix products and services.
Last Updated on November 7, 2024 8:35 pm CET