Lucene search

[email protected]CVE-2023-24490

HistoryJul 10, 2023 - 10:15 p.m.

CVE-2023-24490

2023-07-1022:15:09

CWE-284

[email protected]

web.nvd.nist.gov

cve-2023-24490

nvd

vda

unauthorized access

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.9%

JSON

Users with only access to launch VDA applications can launch an unauthorized desktop

Affected configurations

NVD

Node

citrixvirtual_apps_and_desktopsRange<2305-

citrixvirtual_apps_and_desktopsMatch1912-ltsr

citrixvirtual_apps_and_desktopsMatch1912cu1ltsr

citrixvirtual_apps_and_desktopsMatch1912cu2ltsr

citrixvirtual_apps_and_desktopsMatch1912cu3ltsr

citrixvirtual_apps_and_desktopsMatch1912cu4ltsr

citrixvirtual_apps_and_desktopsMatch1912cu5ltsr

citrixvirtual_apps_and_desktopsMatch1912cu6ltsr

citrixvirtual_apps_and_desktopsMatch2203-ltsr

citrixvirtual_apps_and_desktopsMatch2203cu1ltsr

citrixvirtual_apps_and_desktopsMatch2203cu2ltsr

citrixlinux_virtual_delivery_agentRange<2305-

citrixlinux_virtual_delivery_agentMatch1912-ltsr

citrixlinux_virtual_delivery_agentMatch1912cu1ltsr

citrixlinux_virtual_delivery_agentMatch1912cu2ltsr

citrixlinux_virtual_delivery_agentMatch1912cu3ltsr

citrixlinux_virtual_delivery_agentMatch1912cu4ltsr

citrixlinux_virtual_delivery_agentMatch1912cu5ltsr

citrixlinux_virtual_delivery_agentMatch1912cu6ltsr

citrixlinux_virtual_delivery_agentMatch2203-ltsr

citrixlinux_virtual_delivery_agentMatch2203cu1ltsr

citrixlinux_virtual_delivery_agentMatch2203cu2ltsr

CPENameOperatorVersion
citrix:virtual_apps_and_desktopscitrix virtual apps and desktopslt2305
citrix:virtual_apps_and_desktopscitrix virtual apps and desktopseq1912
citrix:virtual_apps_and_desktopscitrix virtual apps and desktopseq2203
citrix:linux_virtual_delivery_agentcitrix linux virtual delivery agentlt2305
citrix:linux_virtual_delivery_agentcitrix linux virtual delivery agenteq1912
citrix:linux_virtual_delivery_agentcitrix linux virtual delivery agenteq2203

CPE	Name	Operator	Version
citrix:virtual_apps_and_desktops	citrix virtual apps and desktops	lt	2305
citrix:virtual_apps_and_desktops	citrix virtual apps and desktops	eq	1912
citrix:virtual_apps_and_desktops	citrix virtual apps and desktops	eq	2203
citrix:linux_virtual_delivery_agent	citrix linux virtual delivery agent	lt	2305
citrix:linux_virtual_delivery_agent	citrix linux virtual delivery agent	eq	1912
citrix:linux_virtual_delivery_agent	citrix linux virtual delivery agent	eq	2203

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Virtual Delivery Agents for Windows for CVAD and Citrix DaaS Security",
    "vendor": "Citrix",
    "versions": [
      {
        "lessThan": " 2305 ",
        "status": "affected",
        "version": "Current Release (CR) 0",
        "versionType": "patch"
      },
      {
        "lessThan": "2203 LTSR CU3",
        "status": "affected",
        "version": "Long Term Service Release (LTSR) 0",
        "versionType": "patch"
      },
      {
        "lessThan": "1912 LTSR CU7",
        "status": "affected",
        "version": "Long Term Service Release (LTSR) 0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Virtual Delivery Agents for Linux for CVAD and Citrix DaaS Security",
    "vendor": "Citrix",
    "versions": [
      {
        "lessThan": "2305",
        "status": "affected",
        "version": "Current Release (CR) 0",
        "versionType": "patch"
      },
      {
        "lessThan": "2203 LTSR CU3",
        "status": "affected",
        "version": "Long Term Service Release (LTSR) 0",
        "versionType": "patch"
      },
      {
        "lessThan": " 1912 LTSR CU7 hotfix 1(19.12.7001)",
        "status": "affected",
        "version": "Long Term Service Release (LTSR) 0",
        "versionType": "patch"
      }
    ]
  }
]