CVE-2024-6151

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Virtual_apps_and_desktops	Citrix	*	2311 (including)
Virtual_apps_and_desktops	Citrix	1912 (including)	1912 (including)
Virtual_apps_and_desktops	Citrix	1912-cu1 (including)	1912-cu1 (including)
Virtual_apps_and_desktops	Citrix	1912-cu2 (including)	1912-cu2 (including)
Virtual_apps_and_desktops	Citrix	1912-cu3 (including)	1912-cu3 (including)
Virtual_apps_and_desktops	Citrix	1912-cu4 (including)	1912-cu4 (including)
Virtual_apps_and_desktops	Citrix	1912-cu5 (including)	1912-cu5 (including)
Virtual_apps_and_desktops	Citrix	1912-cu6 (including)	1912-cu6 (including)
Virtual_apps_and_desktops	Citrix	1912-cu7 (including)	1912-cu7 (including)
Virtual_apps_and_desktops	Citrix	1912-cu8 (including)	1912-cu8 (including)
Virtual_apps_and_desktops	Citrix	2203 (including)	2203 (including)
Virtual_apps_and_desktops	Citrix	2203-cu1 (including)	2203-cu1 (including)
Virtual_apps_and_desktops	Citrix	2203-cu2 (including)	2203-cu2 (including)
Virtual_apps_and_desktops	Citrix	2203-cu3 (including)	2203-cu3 (including)
Virtual_apps_and_desktops	Citrix	2203-cu4 (including)	2203-cu4 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-6151
CWE	https://cwe.mitre.org/data/definitions/269.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

References

CVE-2024-6151

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References