CVE Vulnerabilities

CVE-2024-6151

Improper Privilege Management

Published: Jul 10, 2024 | Modified: Jul 25, 2025
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Local Privilege escalation allows a low-privileged user to gain SYSTEM privilegesĀ inĀ Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Virtual_apps_and_desktops Citrix * 2311 (including)
Virtual_apps_and_desktops Citrix 1912 (including) 1912 (including)
Virtual_apps_and_desktops Citrix 1912-cu1 (including) 1912-cu1 (including)
Virtual_apps_and_desktops Citrix 1912-cu2 (including) 1912-cu2 (including)
Virtual_apps_and_desktops Citrix 1912-cu3 (including) 1912-cu3 (including)
Virtual_apps_and_desktops Citrix 1912-cu4 (including) 1912-cu4 (including)
Virtual_apps_and_desktops Citrix 1912-cu5 (including) 1912-cu5 (including)
Virtual_apps_and_desktops Citrix 1912-cu6 (including) 1912-cu6 (including)
Virtual_apps_and_desktops Citrix 1912-cu7 (including) 1912-cu7 (including)
Virtual_apps_and_desktops Citrix 1912-cu8 (including) 1912-cu8 (including)
Virtual_apps_and_desktops Citrix 2203 (including) 2203 (including)
Virtual_apps_and_desktops Citrix 2203-cu1 (including) 2203-cu1 (including)
Virtual_apps_and_desktops Citrix 2203-cu2 (including) 2203-cu2 (including)
Virtual_apps_and_desktops Citrix 2203-cu3 (including) 2203-cu3 (including)
Virtual_apps_and_desktops Citrix 2203-cu4 (including) 2203-cu4 (including)

Potential Mitigations

References