A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITYSYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Virtual_apps_and_desktops | Citrix | * | 2212 (excluding) |
| Virtual_apps_and_desktops | Citrix | 1912 (including) | 1912 (including) |
| Virtual_apps_and_desktops | Citrix | 1912-cu1 (including) | 1912-cu1 (including) |
| Virtual_apps_and_desktops | Citrix | 1912-cu2 (including) | 1912-cu2 (including) |
| Virtual_apps_and_desktops | Citrix | 1912-cu3 (including) | 1912-cu3 (including) |
| Virtual_apps_and_desktops | Citrix | 1912-cu4 (including) | 1912-cu4 (including) |
| Virtual_apps_and_desktops | Citrix | 1912-cu5 (including) | 1912-cu5 (including) |
| Virtual_apps_and_desktops | Citrix | 2203 (including) | 2203 (including) |
| Virtual_apps_and_desktops | Citrix | 2203-cu1 (including) | 2203-cu1 (including) |