CVE-2023-24483

Published Feb 16, 2023

Last updated 2 years ago

Overview

Description: A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
Source: secure@citrix.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-269
secure@citrix.com: CWE-269

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91005BBC-3F35-4161-B525-8A8272861607",
            "versionEndExcluding": "2212"
          },
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:-:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9330183-B04B-46F1-9DA6-5EAF216DFCC3"
          },
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu1:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2486FD4-AF16-4F57-836A-42A2D11012C8"
          },
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu2:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BF66372-CFDC-42DD-87FA-480DC0565977"
          },
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE1E7523-EEB7-46CE-A01E-04FACB407395"
          },
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu4:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B60552E-923B-4064-96D9-0F565C58695C"
          },
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu5:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21EC9092-FCA9-41AA-9A9B-83D7E3DABB2E"
          },
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:-:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AE1E7FC-9E2C-45BC-9F12-43149210D261"
          },
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu1:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AEBE958-3A73-4F9D-932E-62495408A609"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References