Citrix Secure Access Client for Mac Security Bulletin for CVE-2025-1222 and CVE-2025-1223, CVE-2024-12284 & CVE-2024-6387.
A mix of Client, Console and SSH updates.
Hello
There are some CVEs that have been pushed out via the Support website.
Citrix Secure Access Client for Mac Security Bulletin for CVE-2025-1222 and CVE-2025-1223
CVE-2024-12284, Console vulnerability
CVE-2024-6387, OpenSSH issue update.
The following sections give the high-level points plus the support doc links.
Citrix Secure Access Client for Mac Security Bulletin for CVE-2025-1222 and CVE-2025-1223
Description of Problem
Vulnerabilities have been discovered in Citrix Secure Access Client for Mac. Refer to below for further details:
Affected Versions:
The following supported versions of Citrix Secure Access Client for Mac are affected:
Citrix Secure Access Client for Mac versions BEFORE 25.01.2
Summary:
Citrix Secure Access Client for Mac contains the vulnerabilities mentioned below
The support doc is here
CVE-2024-12284, Console vulnerability
Description of Problem
A vulnerability has been discovered in NetScaler Console (formerly NetScaler ADM) and NetScaler Agent. Refer to below for further details:
Affected Versions
The following supported versions of NetScaler Console and NetScaler Agent are affected:
NetScaler Console 14.1 BEFORE 14.1-38.53
NetScaler Console 13.1 BEFORE 13.1-56.18
NetScaler Agent 14.1 BEFORE 14.1-38.53
NetScaler Agent 13.1 BEFORE 13.1-56.18
This bulletin only applies to the customer-managed NetScaler Console and to customers that have NetScaler Console Agents deployed. Customers using Citrix-managed NetScaler Console Service do not need to take any action.
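As an added example (not code from Citrix or from the bulletins themselves), a small Python triage helper that encodes the fixed builds listed above for NetScaler Console and Agent, plus the 25.01.2 threshold for the Mac client, and tags inventory rows as affected, fixed or unknown; the hostnames and versions in SAMPLE are constructed, and a release train the bulletin does not list is deliberately reported as unknown rather than assumed safe.

```python
import re
# Fixed versions taken from the bulletins on this page; unlisted trains -> unknown.
NETSCALER_FIXED = {
    "NetScaler Console": {"14.1": (38, 53), "13.1": (56, 18)},
    "NetScaler Agent": {"14.1": (38, 53), "13.1": (56, 18)},
}
SECURE_ACCESS_MAC_FIXED = (25, 1, 2)
_NS_BUILD = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")

def parse_netscaler_build(version):
    """Split a build string such as '14.1-38.53' into ('14.1', (38, 53))."""
    m = _NS_BUILD.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {version!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def netscaler_affected(product, version):
    """True if the build is BEFORE the fixed build; None if the train is not in the bulletin."""
    train, build = parse_netscaler_build(version)
    fixed = NETSCALER_FIXED.get(product, {}).get(train)
    if fixed is None:
        return None
    return build < fixed

def secure_access_mac_affected(version):
    """True if Citrix Secure Access Client for Mac is older than 25.01.2."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 3:
        raise ValueError(f"unrecognised client version: {version!r}")
    return parts < SECURE_ACCESS_MAC_FIXED

def triage(inventory):
    """Tag each (host, product, version) row as affected, fixed or unknown."""
    rows = []
    for host, product, version in inventory:
        if product == "Citrix Secure Access Client for Mac":
            hit = secure_access_mac_affected(version)
        else:
            hit = netscaler_affected(product, version)
        status = "unknown" if hit is None else ("affected" if hit else "fixed")
        rows.append((host, product, version, status))
    return rows

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("console-01", "NetScaler Console", "14.1-37.100"),
    ("agent-07", "NetScaler Agent", "13.1-56.18"),
    ("mac-laptop-3", "Citrix Secure Access Client for Mac", "25.01.1"),
    ("console-old", "NetScaler Console", "12.1-55.24"),
]
```

Feed `triage()` rows exported from your asset inventory; anything tagged unknown needs a manual check against the current bulletin rather than being closed out.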
Summary
NetScaler Console contains the vulnerabilities mentioned below:
The support doc is here
CVE-2024-6387, OpenSSH issue update.
This update was initially announced last year. That said, the support references are living documents, and they get updated as new information is found and added. Looking at the affected versions, the very latest releases are not impacted by this; you can see the versions here:
This looks to be an update on an old vulnerability from 2006!
Cloud Software Group is aware of the vulnerability CVE-2024-6387 impacting OpenSSH. Qualys has discovered a remote unauthenticated code execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. Because this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006, it is being referred to as regreSSHion. The vulnerability has been assigned the CVE identifier CVE-2024-6387.
Mitigation
Cloud Software Group strongly recommends that network traffic to the NetScaler ADC and NetScaler Gateway appliance’s management interface is separated, either physically or logically, from normal network traffic.
The full post is here