CVE-2024-42423 — Incorrect Authorization in Dell Wyse Proprietary OS

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

7.1HIGHNVD

EPSS

0.0%

top 92.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Wyse Proprietary OS Citrix Workspace Citrix Workspace

Timeline

PublishedSep 10

Description

Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

▶NVDcitrix/workspace23.9.0.24.4

▶citrixcitrix/citrix_workspace

▶CVEListV5dell/wyse_proprietary_osThinOS 2311, ThinOS 2402+1

🔴Vulnerability Details

GHSA

GHSA-8g2h-4x5w-4v4p: Citrix Workspace App version 23↗2024-09-10

▶

📋Vendor Advisories

Citrix

CVE-2024-42423: Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin↗2024-09-10

▶