Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483
Article ID: CTX477616
Updated On:
Description
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
The vulnerability has been given the following identifier:
|
CVE ID |
Description |
Vulnerability Type |
Pre-conditions |
|
CVE-2023-24483 |
Privilege Escalation to NT AUTHORITY\SYSTEM on the vulnerable VDA |
CWE-269: Improper Privilege Management |
Local access to a Windows VDA as a standard Windows user |
The vulnerability affects the following supported versions of Citrix Virtual Apps and Desktops:
Current Release (CR)
- Citrix Virtual Apps and Desktops versions before 2212
Long Term Service Release (LTSR)
- Citrix Virtual Apps and Desktops 2203 LTSR before CU2
- Citrix Virtual Apps and Desktops 1912 LTSR before CU6
In addition, customers using Citrix Virtual Apps and Desktops Service using any of the vulnerable versions of Citrix Virtual Apps and Desktops Windows VDA are affected and need to take action.
Instructions
Recent versions of Citrix Virtual Apps and Desktops contain fixes for this vulnerability:
- Citrix Virtual Apps and Desktops 2212 and later versions
- Citrix Virtual Apps and Desktops 2203 LTSR CU2 and later cumulative updates
- Citrix Virtual Apps and Desktops 1912 LTSR CU6 and later cumulative updates
Citrix strongly recommends that customers upgrade to a version of Virtual Apps and Desktops that contains the fixes as soon as possible.
The latest versions of Citrix Virtual Apps and Desktops are available from the following Citrix website location:
https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/
Acknowledgements
Citrix would like to thank the Lockheed Martin Red Team for working with us to protect Citrix customers.Additional Information
| Date | Change |
| 2023-02-14 | Initial publication |
