
Citrix Releases Security Update For Critical PuTTY Vulnerability In Hypervisor 

Citrix has disclosed, in a security bulletin, a critical vulnerability (CVE-2024-31497) affecting certain versions of its Hypervisor virtualization platform. The issue stems from XenCenter, the management console for Citrix Hypervisor, which contained a vulnerable version of the PuTTY SSH client. Previous versions of XenCenter for Citrix Hypervisor 8.2 CU1 Long Term Service Release (LTSR) included PuTTY for SSH connections between XenCenter and the guest virtual machines.
PuTTY versions before 0.81 used the NIST P-521 curve to generate ECDSA keys. The vulnerability could allow an attacker who controls a guest VM to determine the SSH private key of a XenCenter administrator who authenticates to that VM over SSH.
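To find which guest VMs accept a key of the affected type, the following added example (not code from Citrix or from the original article) scans the text of an OpenSSH `authorized_keys` file for ECDSA P-521 public keys, which OpenSSH labels `ecdsa-sha2-nistp521`. It assumes administrators' public keys are registered in `authorized_keys` on the guests; the function names and the sample entries are constructed for illustration and contain no real keys.

```python
import base64
import struct

AFFECTED_KEY_TYPE = "ecdsa-sha2-nistp521"  # ECDSA on NIST P-521, the curve named above


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length, then the data."""
    return struct.pack(">I", len(data)) + data


def blob_key_type(b64_blob: str):
    """Return the key type stored inside a base64 public-key blob, or None."""
    try:
        raw = base64.b64decode(b64_blob, validate=True)
        (length,) = struct.unpack(">I", raw[:4])
        name = raw[4:4 + length]
        return name.decode("ascii") if len(name) == length else None
    except (ValueError, struct.error):
        return None  # not base64, too short, or not ASCII


def find_p521_keys(authorized_keys_text: str):
    """Return (line_number, comment) for every P-521 ECDSA key in the file text."""
    hits = []
    for lineno, line in enumerate(authorized_keys_text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so inspect each field as a possible
        # blob instead of trusting its position or the textual label.
        for i, field in enumerate(fields):
            if blob_key_type(field) == AFFECTED_KEY_TYPE:
                hits.append((lineno, " ".join(fields[i + 1:])))
                break
    return hits


def _constructed_blob(key_type: str, payload: bytes) -> str:
    """Build a syntactically valid but meaningless key blob for the sample."""
    return base64.b64encode(ssh_string(key_type.encode()) + payload).decode()


# Constructed sample input: zero-filled key material, hypothetical comments.
P521_BODY = ssh_string(b"nistp521") + ssh_string(b"\x04" + bytes(132))
SAMPLE = "\n".join([
    "# constructed sample, not real keys",
    "ssh-ed25519 " + _constructed_blob("ssh-ed25519", ssh_string(bytes(32))) + " ops@jump",
    'from="10.0.0.0/8",no-pty ecdsa-sha2-nistp521 '
    + _constructed_blob(AFFECTED_KEY_TYPE, P521_BODY) + " xencenter-admin",
])
```

Calling `find_p521_keys(SAMPLE)` reports only the P-521 entry on line 3; whether a flagged key was ever used with a PuTTY version before 0.81 still has to be confirmed with the key's owner.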
