CVE-2024-6151

Published: Jul 10, 2024Modified: Jul 25, 2025

8.5

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: secure@citrix.com (Secondary)

Description

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS

Affected (15)

Products: Citrix: Virtual Apps And Desktops

Citrix

1 product

Virtual Apps And Desktops

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Citrix Virtual Apps And Desktops	Up to 2311
Citrix Virtual Apps And Desktops	Version 1912
Citrix Virtual Apps And Desktops	Version 1912 cu1
Citrix Virtual Apps And Desktops	Version 1912 cu2
Citrix Virtual Apps And Desktops	Version 1912 cu3
Citrix Virtual Apps And Desktops	Version 1912 cu4
Citrix Virtual Apps And Desktops	Version 1912 cu5
Citrix Virtual Apps And Desktops	Version 1912 cu6
Citrix Virtual Apps And Desktops	Version 1912 cu7
Citrix Virtual Apps And Desktops	Version 1912 cu8
Citrix Virtual Apps And Desktops	Version 2203
Citrix Virtual Apps And Desktops	Version 2203 cu1
Citrix Virtual Apps And Desktops	Version 2203 cu2
Citrix Virtual Apps And Desktops	Version 2203 cu3
Citrix Virtual Apps And Desktops	Version 2203 cu4

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://support.citrix.com/article/CTX678035

Source: secure@citrix.com

Vendor Advisory

https://support.citrix.com/article/CTX678035

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.