Hand-Picked Top-Read Stories

How to obtain a Citrix Invoice

42 views

CVAD – Constant grey screen when launching ICA session to VDA 2311 on Windows Server 2022 on Vmware

44 views

Pre-configure the Store-URL in the “Citrix Workspace App” for MAC

48 views

Trending Tags

VMware Virtualisation

269 views

2 minute read

VMSA-2023-0017

15 August 2023

Moderate

Advisory ID:
VMSA-2023-0017

CVSSv3 Range:
5.3

Issue Date:
2023-08-03

Updated On:
2023-08-03 (Initial Advisory)

CVE(s):
CVE-2023-34037, CVE-2023-34038

Synopsis:
VMware Horizon Server updates address multiple security vulnerabilities (CVE-2023-34037, CVE-2023-34038)

1. Impacted Products

VMware Horizon Server

2. Introduction

Multiple vulnerabilities in VMware Horizon Server were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

3a. Request smuggling vulnerability (CVE-2023-34037)

Description

VMware Horizon Server contains a HTTP request smuggling vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Known Attack Vectors

A malicious actor with network access may be able to perform HTTP smuggle requests.

Resolution

To remediate CVE-2023-34037 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Ricter Z, and Matt Landers of OccamSec for independently reporting this issue to us.

3b. Information disclosure vulnerability (CVE-2023-34038)

Description

VMware Horizon Server contains an information disclosure vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Known Attack Vectors

A malicious actor with network access may be able to access information relating to the internal network configuration.

Resolution

To remediate CVE-2023-34038 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Matt Landers of OccamSec for reporting this issue to us.

Response Matrix

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
VMware Horizon Server	2306	Any	N/A	N/A	N/A	Unaffected	N/A	N/A
VMware Horizon Server	2303	Any	CVE-2023-34037, CVE-2023-34038	5.3	moderate	2306	None	None
VMware Horizon Server	2212	Any	CVE-2023-34037, CVE-2023-34038	5.3	moderate	2212.1	None	None
VMware Horizon Server	2209, 2206	Any	CVE-2023-34037, CVE-2023-34038	5.3	moderate	2209.1	None	None
VMware Horizon Server	2111.x, 2106, 2103, 2012, 2006	Any	CVE-2023-34037, CVE-2023-34038	5.3	moderate	2111.2	None	None

4. References

Fixed Versions(s) and Release Notes:
2306 https://docs.vmware.com/en/VMware-Horizon/8-2306/rn/vmware-horizon-8-2306-release-notes/index.html
2212.1 https://docs.vmware.com/en/VMware-Horizon/8-2212.1/rn/vmware-horizon-8-22121-release-notes/index.html
2209.1 https://docs.vmware.com/en/VMware-Horizon/8-2209.1/rn/vmware-horizon-8-22091-release-notes/index.html
2111.2 https://docs.vmware.com/en/VMware-Horizon/8-2111.2/rn/vmware-horizon-8-21112-release-notes/index.html

Downloads:
2306 https://customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_horizon/2306
2212.1 https://customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_horizon/2212
2209.1 https://customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_horizon/2209
2111.2 https://customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_horizon/2111

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34038

FIRST CVSSv3 Calculator:
CVE-2023-34037: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2023-34038: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5. Change Log

2023-08-03: VMSA-2023-0017
Initial security advisory.

6. Contact

E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2023 VMware Inc. All rights reserved.

Read full article (vmware.com)

All content and images belong to their respected owners, this article is curated for informational purposes only.

Leave a Reply Cancel reply

You must be logged in to post a comment.

Previous Post

Citrix

Netscaler nstcpdump timestamp shows as UTC+0 instead of device local time(e.g. GMT+9).

12 August 2023

Next Post

Citrix

How to configure High Availability feature in XenServer

15 August 2023