Citrix uberAgent Update for Privilege Escalation Vulnerability (CVE-2024-3902)

CVE-2024-3902

Citrix has released an urgent security advisory regarding a vulnerability (CVE-2024-3902) discovered in its uberAgent software. This vulnerability, which has a CVSS score of 7.3 (High), could allow attackers to escalate their privileges within affected systems. Successful exploitation could lead to compromised user accounts and potentially wider system access.


What is Citrix uberAgent?

Citrix uberAgent is a specialized tool used within Citrix deployments and other virtualized environments. It offers in-depth user experience monitoring and security analytics, providing IT teams with visibility into system performance and potential threats.

Affected Versions

The following versions of Citrix uberAgent are affected:

  • All versions of Citrix uberAgent before 7.1.2

Important Note: This vulnerability specifically impacts Citrix uberAgent. No other Citrix products are affected.

How the Vulnerability Works

While detailed technical analysis is pending, Citrix has confirmed that the vulnerability can only be exploited when specific preconditions are met, including:

  • At least one configured CitrixADC metric
  • Specific Citrix session metrics configured (for versions 7.0 – 7.1.1)

Mitigations and Urgent Action

Citrix has released patched versions of uberAgent. Organizations using the affected software should immediately upgrade to version 7.1.2 or later.

If an immediate upgrade is not possible, Citrix has provided mitigating steps to reduce the risk of exploitation:

  • Disable CitrixADC Metrics
  • Adjust WMI Provider Settings (for specific versions)

Full mitigation instructions are available in the official Citrix security advisory.
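To find out which endpoints still need the upgrade, the following PowerShell inventory check is an added example (it is not part of the Citrix advisory or of uberAgent itself). It assumes uberAgent registers under the standard Windows Uninstall registry keys with a DisplayName containing "uberAgent"; the fixed version 7.1.2 is taken from the advisory above.

```powershell
# Added example: flag local uberAgent installs older than the fixed release 7.1.2
# (CVE-2024-3902). Assumption: the product appears under the standard Uninstall keys
# with a DisplayName containing "uberAgent"; adjust the filter if your deployment differs.

$FixedVersion = [version]'7.1.2'

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-UberAgentStatus {
    $found = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*uberAgent*' -and $_.DisplayVersion }

    if (-not $found) {
        Write-Verbose "No uberAgent installation found on $env:COMPUTERNAME"
        return
    }

    foreach ($entry in $found) {
        # Keep only the leading numeric part (e.g. "7.1.1" from "7.1.1 build 123")
        # so that [version] can parse it; anything unparseable is reported as unknown.
        $raw = $entry.DisplayVersion -replace '[^\d\.].*$', ''
        try   { $installed = [version]$raw } catch { $installed = $null }

        $vulnerable = if ($installed) { $installed -lt $FixedVersion } else { $null }
        $action = switch ($vulnerable) {
            $true   { 'Upgrade to 7.1.2 or later; until then disable CitrixADC metrics per the advisory' }
            $false  { 'Patched (7.1.2 or later)' }
            default { 'Version could not be parsed; verify manually' }
        }

        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            DisplayName  = $entry.DisplayName
            Version      = $entry.DisplayVersion
            Vulnerable   = $vulnerable
            Action       = $action
        }
    }
}

Get-UberAgentStatus | Format-Table -AutoSize
```

Run it across a fleet by wrapping the function body in `Invoke-Command -ComputerName` and collecting the objects centrally, so the "Vulnerable" column becomes the patch tracking list.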