Privilege Escalation to NT AUTHORITY\SYSTEM on the vulnerable VDA
CVE-2023-24483

7.8HIGH

Key Information:

Vendor: Citrix
Status: Citrix Virtual Apps And Desktops
Vendor: CVE Published:; 16 February 2023

What is CVE-2023-24483?

A vulnerability has been reported in Citrix Virtual Apps and Desktops that enables a local user to gain elevated privileges, potentially allowing them to execute arbitrary commands with system-level access (NT AUTHORITY\SYSTEM). This could lead to unauthorized activities within the system, posing a risk to data integrity and security. Organizations utilizing Citrix Virtual Apps and Desktops should apply patches immediately to mitigate this risk.

Affected Version(s)

Citrix Virtual Apps and Desktops Citrix Virtual Apps and Desktops < 2212

References

https://support.citrix.com/article/CTX477616/citrix-virtu...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Jan 24, 2023