VMware Horizon VDA Exploit: Unauthorized Desktop Launch
CVE-2023-24490 Published on July 10, 2023
Users with only access to launch VDA applications can launch an unauthorized desktop
Users with only access to launch VDA applications can launch an unauthorized desktop
Vulnerability Analysis
CVE-2023-24490 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2023-24490 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2023-24490
stack.watch emails you whenever new vulnerabilities are published in Citrix Virtual Apps And Desktops or Citrix Linux Virtual Delivery Agent. Just hit a watch button to start following.
Affected Versions
Virtual Delivery Agents for Windows for CVAD and Citrix DaaS Security:- Version Current Release (CR) 0 and below 2305 is affected.
- Version Long Term Service Release (LTSR) 0 and below 2203 LTSR CU3 is affected.
- Version Long Term Service Release (LTSR) 0 and below 1912 LTSR CU7 is affected.
- Version Current Release (CR) 0 and below 2305 is affected.
- Version Long Term Service Release (LTSR) 0 and below 2203 LTSR CU3 is affected.
- Version Long Term Service Release (LTSR) 0 and below 1912 LTSR CU7 hotfix 1(19.12.7001) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.