CVE-2023-24490

🗓️ 10 Jul 2023 21:06:05Reported by CitrixType

Users with limited VDA access can launch unauthorized deskto

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-24490	11 Jul 202302:24	–	circl
Tenable Nessus	Citrix Virtual Apps and Desktops Improper Access Control (CTX559370)	15 Jun 202300:00	–	nessus
CNNVD	Citrix Systems Citrix Virtual Apps and Desktops 安全漏洞	10 Jul 202300:00	–	cnnvd
Citrix	Windows and Linux Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2023-24490	13 Jun 202316:52	–	citrix
Citrix	Citrix Virtual Apps and Desktop - Configuration, Policies and Security.	14 Jul 202400:00	–	citrix
Cvelist	CVE-2023-24490 Users with only access to launch VDA applications can launch an unauthorized desktop	10 Jul 202321:06	–	cvelist
EUVD	EUVD-2023-28508	3 Oct 202520:07	–	euvd
NCSC	Vulnerability fixed in Citrix Virtual Apps and Deckstops	15 Jun 202300:00	–	ncsc
NVD	CVE-2023-24490	10 Jul 202322:15	–	nvd
OSV	CVE-2023-24490	10 Jul 202322:15	–	osv

NVD

Node

citrix virtual_apps_and_desktopsRange<2305-

citrix virtual_apps_and_desktopsMatch1912-ltsr

citrix virtual_apps_and_desktopsMatch1912cu1ltsr

citrix virtual_apps_and_desktopsMatch1912cu2ltsr

citrix virtual_apps_and_desktopsMatch1912cu3ltsr

citrix virtual_apps_and_desktopsMatch1912cu4ltsr

citrix virtual_apps_and_desktopsMatch1912cu5ltsr

citrix virtual_apps_and_desktopsMatch1912cu6ltsr

citrix virtual_apps_and_desktopsMatch2203-ltsr

citrix virtual_apps_and_desktopsMatch2203cu1ltsr

citrix virtual_apps_and_desktopsMatch2203cu2ltsr

citrix linux_virtual_delivery_agentRange<2305-

citrix linux_virtual_delivery_agentMatch1912-ltsr

citrix linux_virtual_delivery_agentMatch1912cu1ltsr

citrix linux_virtual_delivery_agentMatch1912cu2ltsr

citrix linux_virtual_delivery_agentMatch1912cu3ltsr

citrix linux_virtual_delivery_agentMatch1912cu4ltsr

citrix linux_virtual_delivery_agentMatch1912cu5ltsr

citrix linux_virtual_delivery_agentMatch1912cu6ltsr

citrix linux_virtual_delivery_agentMatch2203-ltsr

citrix linux_virtual_delivery_agentMatch2203cu1ltsr

citrix linux_virtual_delivery_agentMatch2203cu2ltsr

[
  {
    "defaultStatus": "unaffected",
    "product": "Virtual Delivery Agents for Windows for CVAD and Citrix DaaS Security",
    "vendor": "Citrix",
    "versions": [
      {
        "lessThan": " 2305 ",
        "status": "affected",
        "version": "Current Release (CR) 0",
        "versionType": "patch"
      },
      {
        "lessThan": "2203 LTSR CU3",
        "status": "affected",
        "version": "Long Term Service Release (LTSR) 0",
        "versionType": "patch"
      },
      {
        "lessThan": "1912 LTSR CU7",
        "status": "affected",
        "version": "Long Term Service Release (LTSR) 0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Virtual Delivery Agents for Linux for CVAD and Citrix DaaS Security",
    "vendor": "Citrix",
    "versions": [
      {
        "lessThan": "2305",
        "status": "affected",
        "version": "Current Release (CR) 0",
        "versionType": "patch"
      },
      {
        "lessThan": "2203 LTSR CU3",
        "status": "affected",
        "version": "Long Term Service Release (LTSR) 0",
        "versionType": "patch"
      },
      {
        "lessThan": " 1912 LTSR CU7 hotfix 1(19.12.7001)",
        "status": "affected",
        "version": "Long Term Service Release (LTSR) 0",
        "versionType": "patch"
      }
    ]
  }
]

Source	Link
support	www.support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490

21 Nov 2024 07:47Current

5.3Medium risk

Vulners AI Score5.3

CVSS 3.14.3 - 6.3

EPSS0.00074

SSVC

CWE-284