CVE-2023-24485

Published: Feb 16, 2023Modified: Mar 19, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.

Affected (11)

Products: Citrix: Workspace

Citrix

1 product

Workspace

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Citrix Workspace	Before 2212
Citrix Workspace	Version 1912
Citrix Workspace	Version 1912 cu1-hf1
Citrix Workspace	Version 1912 cu1
Citrix Workspace	Version 1912 cu2
Citrix Workspace	Version 1912 cu3
Citrix Workspace	Version 1912 cu4
Citrix Workspace	Version 1912 cu5
Citrix Workspace	Version 1912 cu6
Citrix Workspace	Version 2203.1
Citrix Workspace	Version 2203.1 cu1

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485

Source: secure@citrix.com

PatchVendor Advisory

https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.