CVE-2023-24490 — Improper Access Control in Citrix Virtual Delivery Agents FOR Linux FOR Cvad AND Citrix Daas Security
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 78.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 10
Latest updateJul 11
Description
Users with only access to launch VDA applications can launch an unauthorized desktop
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4
Affected Packages4 packages
▶CVEListV5citrix/virtual_delivery_agents_for_linux_for_cvad_and_citrix_daas_securityCurrent Release (CR) 0 — 2305+2
▶CVEListV5citrix/virtual_delivery_agents_for_windows_for_cvad_and_citrix_daas_securityCurrent Release (CR) 0 — 2305 +2
🔴Vulnerability Details
1GHSA▶
GHSA-jg83-rjrf-gwrc: Users with only access to launch VDA applications can launch an unauthorized desktop↗2023-07-11