Windows Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2024-6151

Jeff Silverman

Description of Problem

A vulnerability has been identified in the Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS. Details are given below.

Affected Versions

The vulnerability affects the following supported versions of Windows Virtual Delivery Agent:

Current Release (CR)

  • Citrix Virtual Apps and Desktops versions before 2402

Long Term Service Release (LTSR)

  • Citrix Virtual Apps and Desktops 1912 LTSR before CU9
  • Citrix Virtual Apps and Desktops 2203 LTSR before CU5

Summary

Windows Virtual Delivery Agent contains the vulnerability described below:

| CVE-ID | Description | Pre-Requisites | CWE | CVSS |
|---|---|---|---|---|
| CVE-2024-6151 | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges | Local access to the target system | CWE-269: Improper Privilege Management | CVSS v4.0 Base Score: 8.5 |

What Customers Should Do

Citrix strongly recommends that customers upgrade their Windows Virtual Delivery Agent to versions that contain the fixes as soon as possible.

Windows Virtual Delivery Agent versions that contain the fixes are:

Current Release (CR)

  • Citrix Virtual Apps and Desktops 2402 and later versions

Long Term Service Release (LTSR)

  • Citrix Virtual Apps and Desktops 1912 LTSR CU9 and later cumulative updates
  • Citrix Virtual Apps and Desktops 2203 LTSR CU5 and later cumulative updates
  • Citrix Virtual Apps and Desktops 2402 LTSR
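
As an added example (not part of the Citrix bulletin or of this post), the following Python triages an exported VDA inventory against the fixed versions listed above. The release-label format ("2203 LTSR CU4", "2311"), the host names and the function names are assumptions of the example, and the inventory is constructed sample data.

```python
import re

# Thresholds copied from the bulletin: first fixed cumulative update per LTSR
# train, and the first fixed Current Release.
LTSR_FIXED_CU = {1912: 9, 2203: 5, 2402: 0}
CR_FIXED = 2402

# Assumed label format: "<YYMM>[ LTSR][ CU<n>]", e.g. "2203 LTSR CU4" or "2311".
LABEL_RE = re.compile(r"^\s*(\d{4})(?:\s+(LTSR))?(?:\s+CU(\d+))?\s*$", re.I)

def classify(label):
    """Return 'affected', 'fixed' or 'unknown' for one release label."""
    m = LABEL_RE.match(label)
    if not m:
        return "unknown"          # not a YYMM-style release label (e.g. 7.x)
    release = int(m.group(1))
    is_ltsr = bool(m.group(2) or m.group(3))   # a CU only exists on an LTSR train
    cu = int(m.group(3) or 0)                  # LTSR without a CU is the base release
    if is_ltsr:
        fixed_cu = LTSR_FIXED_CU.get(release)
        if fixed_cu is None:
            return "unknown"      # LTSR train the bulletin does not list
        return "fixed" if cu >= fixed_cu else "affected"
    return "fixed" if release >= CR_FIXED else "affected"

def triage(inventory):
    """Group (host, label) pairs by status so unknowns get manual review."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, label in inventory:
        result[classify(label)].append(host)
    return result

# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = [
    ("vda-01", "2311"),
    ("vda-02", "1912 LTSR CU8"),
    ("vda-03", "1912 LTSR CU9"),
    ("vda-04", "2203 LTSR CU4"),
    ("vda-05", "2203 LTSR CU5"),
    ("vda-06", "2402 LTSR"),
    ("vda-07", "7.15 LTSR CU9"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown carry a label the bulletin does not cover and need a manual check rather than being assumed safe.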

More information

https://support.citrix.com/article/CTX678035/windows-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve20246151

For assistance from the Kraft Kennedy team, please contact us.