Privilege Escalation to NT AUTHORITY\SYSTEM on the vulnerable VDA
CVE-2023-24483
7.8HIGH
Key Information:
- Vendor
- Citrix
- Vendor
- CVE Published:
- 16 February 2023
Summary
A vulnerability has been reported in Citrix Virtual Apps and Desktops that enables a local user to gain elevated privileges, potentially allowing them to execute arbitrary commands with system-level access (NT AUTHORITY\SYSTEM). This could lead to unauthorized activities within the system, posing a risk to data integrity and security. Organizations utilizing Citrix Virtual Apps and Desktops should apply patches immediately to mitigate this risk.
Affected Version(s)
Citrix Virtual Apps and Desktops Citrix Virtual Apps and Desktops < 2212
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved