CVE-2023-24490

Summary

Users with only access to launch VDA applications can launch an unauthorized desktop

Affected Software

VendorProductVersion RangeStatus
CitrixVirtual Delivery Agents for Windows for CVAD and Citrix DaaS SecurityCurrent Release (CR) 0 < 2305affected
CitrixVirtual Delivery Agents for Windows for CVAD and Citrix DaaS SecurityLong Term Service Release (LTSR) 0 < 2203 LTSR CU3affected
CitrixVirtual Delivery Agents for Windows for CVAD and Citrix DaaS SecurityLong Term Service Release (LTSR) 0 < 1912 LTSR CU7affected
CitrixVirtual Delivery Agents for Linux for CVAD and Citrix DaaS SecurityCurrent Release (CR) 0 < 2305affected
CitrixVirtual Delivery Agents for Linux for CVAD and Citrix DaaS SecurityLong Term Service Release (LTSR) 0 < 2203 LTSR CU3affected
CitrixVirtual Delivery Agents for Linux for CVAD and Citrix DaaS SecurityLong Term Service Release (LTSR) 0 < 1912 LTSR CU7 hotfix 1(19.12.7001)affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References