Citrix Warns Customers of PuTTY SSH Client Flaw in XenCenter System
Citrix has issued a warning to its customers regarding a security flaw in the PuTTY SSH client that could allow attackers to steal a XenCenter admin’s private SSH key. The flaw, identified as CVE-2024-31497, affects multiple versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR that include PuTTY.
The vulnerability, discovered by researchers Fabian Bäumer and Marcus Brinkmann from the Ruhr University Bochum, resides in the code that generates signatures from ECDSA private keys using the NIST P521 curve. An attacker could exploit this vulnerability to recover NIST P-521 private keys.
Citrix recommends that customers manually address this issue by updating the PuTTY version installed on their XenCenter system to at least version 0.81. The affected products include FileZilla, WinSCP, TortoiseGit, and TortoiseSVN, which have also released updates to fix the flaw.
Users of products or components using ECDSA NIST-P521 keys impacted by CVE-2024-31497 are advised to revoke those keys from authorized_keys, GitHub repositories, and any other relevant platforms.
For more cybersecurity news and updates, follow SecurityAffairs on Twitter (@securityaffairs) and Facebook.
By SecurityAffairs (hacking, Citrix)