CVE-2023-24492
https://notcve.org/view.php?id=CVE-2023-24492
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. • https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-24491
https://notcve.org/view.php?id=CVE-2023-24491
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM. • https://support.citrix.com/article/CTX561480/citrix-secure-access-client-for-windows-security-bulletin-for-cve202324491 • CWE-269: Improper Privilege Management
CVE-2023-24489 – Citrix Content Collaboration ShareFile Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2023-24489
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers. • https://github.com/codeb0ss/CVE-2023-24489-PoC • https://github.com/adhikara13/CVE-2023-24489-ShareFile • https://github.com/whalebone7/CVE-2023-24489-poc • https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489 • CWE-284: Improper Access Control
CVE-2023-24490 – Users with only access to launch VDA applications can launch an unauthorized desktop
https://notcve.org/view.php?id=CVE-2023-24490
Users with only access to launch VDA applications can launch an unauthorized desktop • https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490 • CWE-284: Improper Access Control
CVE-2023-24487 – Arbitrary file read
https://notcve.org/view.php?id=CVE-2023-24487
Arbitrary file read in Citrix ADC and Citrix Gateway • https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488 • CWE-253: Incorrect Check of Function Return Value