CVE-2023-24483
published 2023-02-16CVE-2023-24483: A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual…
PriorityP337high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.27%
17.8th percentile
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | citrix_virtual_apps_and_desktops | >= Citrix Virtual Apps and Desktops < 2212 | 2212 |
| citrix | virtual_apps_and_desktops | < 2212 | 2212 |
| citrix | virtual_apps_and_desktops | — | — |
| citrix | virtual_apps_and_desktops | — | — |
| citrix | virtual_apps_and_desktops | — | — |
| citrix | xenserver | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
CVE-2023-24483: A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citri
vendor_citrix·2023-02-16·CVSS 7.8
CVE-2023-24483 [HIGH] CWE-269 CVE-2023-24483: A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citri
CVE-2023-24483: A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
Citrix
Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483
vendor_citrix·CVSS 7.8
CVE-2023-24483 [HIGH] CWE-269 Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483
Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483
Vulnerability Type Pre-conditions CVE-2023-24483 Privilege Escalation to NT AUTHORITY\SYSTEM on the vulnerable VDA CWE-269: Improper Privilege Management Local access to a Windows VDA as a standard Windows user The vulnerability affects the following supported versions of Citrix Virtual Apps and Desktops: Current Release (CR) Citrix Virtual Apps and Desktops versions before 2212 Long Term Service Release (LTSR) Citrix Virtual Apps and Desktops 2203 LTSR before CU2 Citrix Virtual Apps and Desktops 1912 LTSR before CU6 In addition, customers using Citrix Virtual Apps and Desktops Service using any of the vulnerable versions of Citrix Virtual Apps and Desktops Windows VDA are affected and need to take action. Instructions
GHSA
GHSA-g58p-hgrm-327x: A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citri
ghsa_unreviewed·2023-02-16
CVE-2023-24483 [HIGH] CWE-269 GHSA-g58p-hgrm-327x: A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citri
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-02-16
Published