CVE-2024-42423

Summary

Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.

Affected Software

VendorProductVersion RangeStatus
DellWyse Proprietary OS (Modern ThinOS)ThinOS 2311affected
DellWyse Proprietary OS (Modern ThinOS)ThinOS 2402affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References