{"short":"Citrix Workspace App contains vulnerability"}
CVE-2024-42423

7.1HIGH

Key Information:

Vendor: Dell
Status: Wyse Proprietary Os (modern Thinos)
Vendor: CVE Published:; 10 September 2024

What is CVE-2024-42423?

Citrix Workspace App version 23.9.0.24.4, when used on Dell ThinOS 2311, is impacted by an Incorrect Authorization vulnerability. This issue arises specifically when Citrix CEB is enabled for WebLogin. It allows local unauthenticated users with minimal privileges to exploit this vulnerability. Consequently, they may bypass existing security measures, leading to unauthorized actions such as information disclosure and tampering with system operations. The consequences of this vulnerability necessitate prompt attention and remediation to safeguard sensitive data and maintain system integrity.

Affected Version(s)

Wyse Proprietary OS (Modern ThinOS) ThinOS 2311

Wyse Proprietary OS (Modern ThinOS) ThinOS 2402

References

https://www.dell.com/support/kbdoc/en-us/000225289/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Aug 1, 2024