Citrix recently alerted its customers about a vulnerability in the PuTTY SSH client used by XenCenter, a tool for managing Citrix Hypervisor environments.
The flaw, tracked as CVE-2024-31497, affects multiple versions of XenCenter, potentially allowing attackers to pilfer an admin’s private SSH key.
This vulnerability stems from how older versions of PuTTY handle ECDSA nonces.
Citrix recommends users to manually mitigate the risk by updating PuTTY to version 0.81 or later, or by removing the PuTTY component altogether.
#PinedaCyberSecurity #CyberSecurityNews #CyberSecurityMakesSenseHere #Citrix #PuTTY #SSH #XenCenter #CVE202431497 #CyberSecurity #Vulnerability #UpdateNow #RiskMitigation #SecurityAlert
