CVE-2024-6151
published 2024-07-10CVE-2024-6151: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and…
PriorityP340high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.21%
11.7th percentile
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_provisioning_services | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | virtual_apps_and_desktops | <= 2311 | — |
| citrix | virtual_apps_and_desktops | — | — |
| citrix | virtual_apps_and_desktops | — | — |
| citrix | virtual_apps_and_desktops | — | — |
| citrix | windows_virtual_delivery_agent | >= 1912 LTSR < CU9 | CU9 |
| citrix | windows_virtual_delivery_agent | >= 2203 LTSR < CU5 | CU5 |
| citrix | windows_virtual_delivery_agent | >= 2402 < 0 | 0 |
| citrix | xenserver | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.08.5HIGHCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
Windows Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2024-6151
vendor_citrix·2024-07-15·CVSS 8.5
CVE-2024-6151 [HIGH] CWE-269 Windows Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2024-6151
Windows Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2024-6151
of Problem A vulnerability has been identified that impacts Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS. Refer to below for further details:
CVE References: CVE-2024-6151
Affected Products: Citrix Virtual Apps and Desktops, Citrix provisioning services, XenServer
Severity: High
CVSS Score: 8.5
Remediation:
Citrix strongly recommends that customers upgrade their Windows Virtual Delivery Agent to versions that contain the fixes as soon as possible. Windows Virtual Delivery Agent versions that contain the fixes are: Current Release (CR) Citrix Virtual Apps and Desktops 2402 and later versions Long Term Service Release (LTSR) Citrix Virtual Apps and Desktop
Citrix
CVE-2024-6151: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps an
vendor_citrix·2024-07-10·CVSS 7.8
CVE-2024-6151 [HIGH] CWE-269 CVE-2024-6151: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps an
CVE-2024-6151: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS
GHSA
GHSA-qcjc-4pgc-2w7h: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps an
ghsa_unreviewed·2024-07-10
CVE-2024-6151 [HIGH] CWE-269 GHSA-qcjc-4pgc-2w7h: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps an
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-07-10
Published