PT-2023-3995 · Citrix · Citrix Secure Access Client For Windows

Published

2023-07-11

Updated

2023-07-19

CVE-2023-24491

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Citrix Secure Access client for Windows (affected versions not specified)

Description A vulnerability has been discovered in the Citrix Secure Access client for Windows, which, if exploited, could allow an attacker with access to an endpoint with a Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITYSYSTEM. The issue is related to insecure privilege management.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2023-04293

CVE-2023-24491

Affected Products

Citrix Secure Access Client For Windows

PT-2023-3995 · Citrix · Citrix Secure Access Client For Windows

CVE-2023-24491

Weakness Enumeration

Related Identifiers

Affected Products

References · 8