
    2 vulnerabilities found for Virtual Delivery Agents for Windows for CVAD and Citrix DaaS Security by Citrix (both results are the same record, CVE-2023-24490, as published by two sources: nvd and cvelistv5)

    CVE-2023-24490 (GCVE-0-2023-24490)

    Vulnerability from nvd – Published: 2023-07-10 21:06 – Updated: 2024-10-23 17:36
    Title
    Users with only access to launch VDA applications can launch an unauthorized desktop
    Summary
    Users with only access to launch VDA applications can launch an unauthorized desktop
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Citrix Virtual Delivery Agents for Windows for CVAD and Citrix DaaS Security Affected: Current Release (CR) 0 , < 2305 (patch)
    Affected: Long Term Service Release (LTSR) 0 , < 2203 LTSR CU3 (patch)
    Affected: Long Term Service Release (LTSR) 0 , < 1912 LTSR CU7 (patch)
    Citrix Virtual Delivery Agents for Linux for CVAD and Citrix DaaS Security Affected: Current Release (CR) 0 , < 2305 (patch)
    Affected: Long Term Service Release (LTSR) 0 , < 2203 LTSR CU3 (patch)
    Affected: Long Term Service Release (LTSR) 0 , < 1912 LTSR CU7 hotfix 1(19.12.7001) (patch)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:56:04.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24490",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T17:28:07.038800Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T17:36:56.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Virtual Delivery Agents for Windows for CVAD and Citrix DaaS Security",
              "vendor": "Citrix",
              "versions": [
                {
                  "lessThan": " 2305 ",
                  "status": "affected",
                  "version": "Current Release (CR) 0",
                  "versionType": "patch"
                },
                {
                  "lessThan": "2203 LTSR CU3",
                  "status": "affected",
                  "version": "Long Term Service Release (LTSR) 0",
                  "versionType": "patch"
                },
                {
                  "lessThan": "1912 LTSR CU7",
                  "status": "affected",
                  "version": "Long Term Service Release (LTSR) 0",
                  "versionType": "patch"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Virtual Delivery Agents for Linux for CVAD and Citrix DaaS Security",
              "vendor": "Citrix",
              "versions": [
                {
                  "lessThan": "2305",
                  "status": "affected",
                  "version": "Current Release (CR) 0",
                  "versionType": "patch"
                },
                {
                  "lessThan": "2203 LTSR CU3",
                  "status": "affected",
                  "version": "Long Term Service Release (LTSR) 0",
                  "versionType": "patch"
                },
                {
                  "lessThan": " 1912 LTSR CU7 hotfix 1(19.12.7001)",
                  "status": "affected",
                  "version": "Long Term Service Release (LTSR) 0",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUsers with only access to launch VDA applications can launch an unauthorized desktop\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Users with only access to launch VDA applications can launch an unauthorized desktop\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": " CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-10T21:06:05.934Z",
            "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
            "shortName": "Citrix"
          },
          "references": [
            {
              "url": "https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Users with only access to launch VDA applications can launch an unauthorized desktop",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "assignerShortName": "Citrix",
        "cveId": "CVE-2023-24490",
        "datePublished": "2023-07-10T21:06:05.934Z",
        "dateReserved": "2023-01-24T15:49:52.579Z",
        "dateUpdated": "2024-10-23T17:36:56.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24490 (GCVE-0-2023-24490)

    Vulnerability from cvelistv5 – Published: 2023-07-10 21:06 – Updated: 2024-10-23 17:36
    Title
    Users with only access to launch VDA applications can launch an unauthorized desktop
    Summary
    Users with only access to launch VDA applications can launch an unauthorized desktop
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Citrix Virtual Delivery Agents for Windows for CVAD and Citrix DaaS Security Affected: Current Release (CR) 0 , < 2305 (patch)
    Affected: Long Term Service Release (LTSR) 0 , < 2203 LTSR CU3 (patch)
    Affected: Long Term Service Release (LTSR) 0 , < 1912 LTSR CU7 (patch)
    Citrix Virtual Delivery Agents for Linux for CVAD and Citrix DaaS Security Affected: Current Release (CR) 0 , < 2305 (patch)
    Affected: Long Term Service Release (LTSR) 0 , < 2203 LTSR CU3 (patch)
    Affected: Long Term Service Release (LTSR) 0 , < 1912 LTSR CU7 hotfix 1(19.12.7001) (patch)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:56:04.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24490",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T17:28:07.038800Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T17:36:56.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Virtual Delivery Agents for Windows for CVAD and Citrix DaaS Security",
              "vendor": "Citrix",
              "versions": [
                {
                  "lessThan": " 2305 ",
                  "status": "affected",
                  "version": "Current Release (CR) 0",
                  "versionType": "patch"
                },
                {
                  "lessThan": "2203 LTSR CU3",
                  "status": "affected",
                  "version": "Long Term Service Release (LTSR) 0",
                  "versionType": "patch"
                },
                {
                  "lessThan": "1912 LTSR CU7",
                  "status": "affected",
                  "version": "Long Term Service Release (LTSR) 0",
                  "versionType": "patch"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Virtual Delivery Agents for Linux for CVAD and Citrix DaaS Security",
              "vendor": "Citrix",
              "versions": [
                {
                  "lessThan": "2305",
                  "status": "affected",
                  "version": "Current Release (CR) 0",
                  "versionType": "patch"
                },
                {
                  "lessThan": "2203 LTSR CU3",
                  "status": "affected",
                  "version": "Long Term Service Release (LTSR) 0",
                  "versionType": "patch"
                },
                {
                  "lessThan": " 1912 LTSR CU7 hotfix 1(19.12.7001)",
                  "status": "affected",
                  "version": "Long Term Service Release (LTSR) 0",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUsers with only access to launch VDA applications can launch an unauthorized desktop\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Users with only access to launch VDA applications can launch an unauthorized desktop\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": " CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-10T21:06:05.934Z",
            "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
            "shortName": "Citrix"
          },
          "references": [
            {
              "url": "https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Users with only access to launch VDA applications can launch an unauthorized desktop",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "assignerShortName": "Citrix",
        "cveId": "CVE-2023-24490",
        "datePublished": "2023-07-10T21:06:05.934Z",
        "dateReserved": "2023-01-24T15:49:52.579Z",
        "dateUpdated": "2024-10-23T17:36:56.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }