CVE-2024-6151 — Improper Privilege Management in Citrix Windows Virtual Delivery Agent

CWE-269 — Improper Privilege Management4 documents3 sources

Severity

8.5HIGHNVD

EPSS

0.1%

top 68.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Windows Virtual Delivery Agent Citrix Virtual Apps AND Desktops Citrix Provisioning Services +2 more

Timeline

PublishedJul 10

Latest updateJul 15

Description

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages6 packages

▶CVEListV5citrix/windows_virtual_delivery_agent2402 — 0+2

▶NVDcitrix/virtual_apps_and_desktops2311+2

▶citrixcitrix/virtual_apps_and_desktops

▶citrixcitrix/citrix_virtual_apps_and_desktops

▶citrixcitrix/xenserver

🔴Vulnerability Details

GHSA

GHSA-qcjc-4pgc-2w7h: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps an↗2024-07-10

▶

📋Vendor Advisories

Citrix

Windows Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2024-6151↗2024-07-15

▶

Citrix

CVE-2024-6151: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps an↗2024-07-10

▶