Lucene search
HistoryFeb 16, 2023 - 6:15 p.m.
CVE-2023-24484
malicious user
log files
unauthorized writing
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AI Score
5.4
Confidence
High
EPSS
0
Percentile
13.2%
A malicious user can cause log files to be written to a directory that they do not have permission to write to.
Affected configurations
Node
citrixworkspaceRange<2212-windows
ORcitrixworkspaceMatch1912-ltsrwindows
ORcitrixworkspaceMatch1912cu1ltsrwindows
ORcitrixworkspaceMatch1912cu1-hf1ltsrwindows
ORcitrixworkspaceMatch1912cu2ltsrwindows
ORcitrixworkspaceMatch1912cu3ltsrwindows
ORcitrixworkspaceMatch1912cu4ltsrwindows
ORcitrixworkspaceMatch1912cu5ltsrwindows
ORcitrixworkspaceMatch1912cu6ltsrwindows
ORcitrixworkspaceMatch2203.1-ltsrwindows
ORcitrixworkspaceMatch2203.1cu1ltsrwindows
| Vendor | Product | Version | CPE |
|---|---|---|---|
| citrix | workspace | * | cpe:2.3:a:citrix:workspace:*:*:*:*:-:windows:*:* |
| citrix | workspace | 1912 | cpe:2.3:a:citrix:workspace:1912:-:*:*:ltsr:windows:*:* |
| citrix | workspace | 1912 | cpe:2.3:a:citrix:workspace:1912:cu1:*:*:ltsr:windows:*:* |
| citrix | workspace | 1912 | cpe:2.3:a:citrix:workspace:1912:cu1-hf1:*:*:ltsr:windows:*:* |
| citrix | workspace | 1912 | cpe:2.3:a:citrix:workspace:1912:cu2:*:*:ltsr:windows:*:* |
| citrix | workspace | 1912 | cpe:2.3:a:citrix:workspace:1912:cu3:*:*:ltsr:windows:*:* |
| citrix | workspace | 1912 | cpe:2.3:a:citrix:workspace:1912:cu4:*:*:ltsr:windows:*:* |
| citrix | workspace | 1912 | cpe:2.3:a:citrix:workspace:1912:cu5:*:*:ltsr:windows:*:* |
| citrix | workspace | 1912 | cpe:2.3:a:citrix:workspace:1912:cu6:*:*:ltsr:windows:*:* |
| citrix | workspace | 2203.1 | cpe:2.3:a:citrix:workspace:2203.1:-:*:*:ltsr:windows:*:* |
Related
cve
cve
CVE-2023-24484
2023-02-16 18:15:11
cvelist
cvelist
prion
prion
Directory traversal
2023-02-16 18:15:00
nessus
nessus
Citrix Workspace App for Windows Multiple Vulnerabilities (CTX477617)
2023-02-17 00:00:00
citrix
citrix
cisa
cisa
malwarebytes
malwarebytes
Update now! February's Patch Tuesday tackles three zero-days
2023-02-15 03:00:00
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AI Score
5.4
Confidence
High
EPSS
0
Percentile
13.2%
Related for NVD:CVE-2023-24484