3 matches found
CVE-2023-24483
CVE-2023-24483 affects Citrix Virtual Apps and Desktops Windows VDA. The bulletin CTX477616 states the vulnerability is a Privilege Escalation to NT AUTHORITY\SYSTEM via improper privilege management (CWE-269) on a local Windows user session. Affected are Citrix Virtual Apps and Desktops versions...
CVE-2023-24490
CVE-2023-24490 affects Citrix Virtual Apps and Desktops Windows Virtual Delivery Agent (VDA). The issue is improper access control that allows users with only VDA-launch permissions to start an unauthorized desktop. Documented in Citrix CTX559370 and mirrored by Red Hat/NVD entries; impact is una...
CVE-2025-6759
CVE-2025-6759 affects Citrix Virtual Apps and Desktops — specifically the Windows Virtual Delivery Agent (VDA) used by CVAD and Citrix DaaS. The root cause is an open process handle with full access leaking from SYSTEM-owned GfxMgr.exe into a less-privileged processCtxGfx.exe, allowing a low-priv...