CVSS3
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Percentile: 5.1%
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
The vulnerability has been given the following identifier:
CVE ID | Description | Vulnerability Type | Pre-conditions |
---|---|---|---|
CVE-2023-24483 | Privilege Escalation to NT AUTHORITY\SYSTEM on the vulnerable VDA | CWE-269: Improper Privilege Management | Local access to a Windows VDA as a standard Windows user |
The vulnerability affects the following supported versions of Citrix Virtual Apps and Desktops:
Current Release (CR)
Long Term Service Release (LTSR)
In addition, customers using Citrix Virtual Apps and Desktops Service using any of the vulnerable versions of Citrix Virtual Apps and Desktops Windows VDA are affected and need to take action.