cbcvebase.
CVE-2023-24490
published 2023-07-10

CVE-2023-24490: Users with only access to launch VDA applications can launch an unauthorized desktop

PriorityP421medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
EPSS
0.30%
21.5th percentile
Users with only access to launch VDA applications can launch an unauthorized desktop

Affected

16 ranges
VendorProductVersion rangeFixed in
citrixcitrix_provisioning_services
citrixcitrix_virtual_apps_and_desktops
citrixlinux_virtual_delivery_agent< 23052305
citrixlinux_virtual_delivery_agent
citrixlinux_virtual_delivery_agent
citrixlinux_virtual_delivery_agent
citrixvirtual_apps_and_desktops< 23052305
citrixvirtual_apps_and_desktops
citrixvirtual_apps_and_desktops
citrixvirtual_delivery_agents_for_linux_for_cvad_and_citrix_daas_security>= Current Release (CR) 0 < 23052305
citrixvirtual_delivery_agents_for_linux_for_cvad_and_citrix_daas_security>= Long Term Service Release (LTSR) 0 < 2203 LTSR CU32203 LTSR CU3
citrixvirtual_delivery_agents_for_linux_for_cvad_and_citrix_daas_security>= Long Term Service Release (LTSR) 0 < 1912 LTSR CU7 hotfix 1(19.12.7001) 1912 LTSR CU7 hotfix 1(19.12.7001)
citrixvirtual_delivery_agents_for_windows_for_cvad_and_citrix_daas_security>= Current Release (CR) 0 < 2305 2305
citrixvirtual_delivery_agents_for_windows_for_cvad_and_citrix_daas_security>= Long Term Service Release (LTSR) 0 < 2203 LTSR CU32203 LTSR CU3
citrixvirtual_delivery_agents_for_windows_for_cvad_and_citrix_daas_security>= Long Term Service Release (LTSR) 0 < 1912 LTSR CU71912 LTSR CU7
citrixxenserver
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.