CVE-2024-42423 — MEDIUM (6.1)

Vulnerability Description

Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Citrix	Workspace	23.9.0.24.4
Dell	Thinos	2402

Related Weaknesses (CWE)

CWE-863

References

https://www.dell.com/support/kbdoc/en-us/000225289/dsa-2024-229-security-update-Vendor Advisory

FAQ

What is CVE-2024-42423?

CVE-2024-42423 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges...

How severe is CVE-2024-42423?

CVE-2024-42423 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-42423?

Check the references section above for vendor advisories and patch information. Affected products include: Citrix Workspace, Dell Thinos.