A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
The vulnerability has been given the following identifier:
CVE ID | Description | Vulnerability Type | Pre-conditions |
---|---|---|---|
CVE-2023-24483 | Privilege Escalation to NT AUTHORITY\SYSTEM on the vulnerable VDA | CWE-269: Improper Privilege Management | Local access to a Windows VDA as a standard Windows user |
The vulnerability affects the following supported versions of Citrix Virtual Apps and Desktops:
Current Release (CR)
Long Term Service Release (LTSR)
In addition, customers using Citrix Virtual Apps and Desktops Service using any of the vulnerable versions of Citrix Virtual Apps and Desktops Windows VDA are affected and need to take action.