Citrix Virtual Apps and Desktops and DaaS vulnerable to Local Privilege Escalation
CVE-2024-6151

7.8HIGH

Key Information:

Vendor: Citrix
Status: Windows Virtual Delivery Agent
Vendor: CVE Published:; 10 July 2024

What is CVE-2024-6151?

A local privilege escalation vulnerability exists in the Virtual Delivery Agent for Windows utilized by Citrix Virtual Apps and Desktops, allowing low-privileged users to elevate their access to SYSTEM privileges. This poses a potential security risk as unauthorized users could exploit this vulnerability to gain higher-level control within the system.

Affected Version(s)

Windows Virtual Delivery Agent 2402 < 0

Windows Virtual Delivery Agent 1912 LTSR

Windows Virtual Delivery Agent 2203 LTSR

References

https://support.citrix.com/article/CTX678035

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2024
Vulnerability Reserved
Jun 18, 2024