PT-2024-5728 · Citrix · Citrix Virtual Apps/Desktops+2

Published

2024-06-18

Updated

2024-08-01

CVE-2024-6151

CVSS v4.0

8.5

High

Vector

AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Citrix Virtual Delivery Agent for Windows (affected versions not specified)

Description The issue is related to insecure privilege management in the Virtual Delivery Agent for Windows component of Citrix Virtual Apps and Desktops and Citrix DaaS. This allows a low-privileged user to gain SYSTEM privileges, enabling potential exploitation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2024-06441

CVE-2024-6151

Affected Products

Citrix Daas

Citrix Virtual Apps/Desktops

Citrix Virtual Delivery Agent For Windows

PT-2024-5728 · Citrix · Citrix Virtual Apps/Desktops+2

CVE-2024-6151

Weakness Enumeration

Related Identifiers

Affected Products

References · 11