PT-2023-3995 · Citrix · Citrix Secure Access Client For Windows

Publicado

2023-07-11

Atualizado

2023-07-19

CVE-2023-24491

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Citrix Secure Access client for Windows (affected versions not specified)

Description A vulnerability has been discovered in the Citrix Secure Access client for Windows, which, if exploited, could allow an attacker with access to an endpoint with a Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITYSYSTEM. The issue is related to insecure privilege management.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

BDU:2023-04293

CVE-2023-24491

Produtos afetados

Citrix Secure Access Client For Windows

PT-2023-3995 · Citrix · Citrix Secure Access Client For Windows

CVE-2023-24491

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8