Vulnerabilites related to citrix - secure_access_client
CVE-2025-1223 (GCVE-0-2025-1223)
Vulnerability from cvelistv5
Published
2025-02-20 00:07
Modified
2025-02-20 16:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Secure Access Client for Mac |
Version: 25 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T16:21:44.396057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T16:21:58.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secure Access Client for Mac",
"vendor": "Citrix",
"versions": [
{
"lessThan": "01.2",
"status": "affected",
"version": "25",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCitrix Secure Access Client for Mac\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in\u00a0Citrix Secure Access Client for Mac"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T00:07:27.949Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX692679-citrix-secure-access-client-for-mac-security-bulletin-for-cve20251222-and-cve20251223?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-1223",
"datePublished": "2025-02-20T00:07:27.949Z",
"dateReserved": "2025-02-11T05:59:28.866Z",
"dateUpdated": "2025-02-20T16:21:58.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0320 (GCVE-0-2025-0320)
Vulnerability from cvelistv5
Published
2025-06-17 13:25
Modified
2025-06-18 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Secure Access Client for Windows |
Version: 1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T03:56:03.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secure Access Client for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "25.5.1.15",
"status": "affected",
"version": "1",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-06-17T13:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eLocal Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T13:25:22.351Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694724"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Citrix Secure Access - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-0320",
"datePublished": "2025-06-17T13:25:22.351Z",
"dateReserved": "2025-01-07T23:53:15.561Z",
"dateUpdated": "2025-06-18T03:56:03.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3661 (GCVE-0-2024-3661)
Vulnerability from cvelistv5
Published
2024-05-06 18:31
Modified
2024-08-28 19:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:00.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
},
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
},
{
"tags": [
"x_transferred"
],
"url": "https://tunnelvisionbug.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.leviathansecurity.com/research/tunnelvision"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=40279632"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
},
{
"tags": [
"x_transferred"
],
"url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
},
{
"tags": [
"x_transferred"
],
"url": "https://issuetracker.google.com/issues/263721377"
},
{
"tags": [
"x_transferred"
],
"url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
},
{
"tags": [
"x_transferred"
],
"url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=40284111"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
},
{
"tags": [
"x_transferred"
],
"url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-3661"
},
{
"tags": [
"x_transferred"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
},
{
"tags": [
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000139553"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T04:00:07.962328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T19:09:06.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "DHCP",
"vendor": "IETF",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2002-12-31T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}
],
"value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-501",
"description": "CWE-501 Trust Boundary Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T15:04:50.790Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
},
{
"url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
},
{
"url": "https://tunnelvisionbug.com/"
},
{
"url": "https://www.leviathansecurity.com/research/tunnelvision"
},
{
"url": "https://news.ycombinator.com/item?id=40279632"
},
{
"url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
},
{
"url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
},
{
"url": "https://issuetracker.google.com/issues/263721377"
},
{
"url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
},
{
"url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
},
{
"url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
},
{
"url": "https://news.ycombinator.com/item?id=40284111"
},
{
"url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
},
{
"url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
},
{
"url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
},
{
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
},
{
"url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
},
{
"url": "https://security.paloaltonetworks.com/CVE-2024-3661"
},
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
},
{
"url": "https://my.f5.com/manage/s/article/K000139553"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DHCP routing options can manipulate interface-based VPN traffic",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-3661",
"datePublished": "2024-05-06T18:31:21.217Z",
"dateReserved": "2024-04-11T17:24:22.637Z",
"dateUpdated": "2024-08-28T19:09:06.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24492 (GCVE-0-2023-24492)
Vulnerability from cvelistv5
Published
2023-07-11 21:36
Modified
2024-11-07 15:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Secure Access client for Ubuntu |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:secure_access_client:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "secure_access_client",
"vendor": "citrix",
"versions": [
{
"lessThan": "23.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T15:16:53.003838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:18:05.001Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Citrix Secure Access client for Ubuntu",
"vendor": "Citrix",
"versions": [
{
"lessThan": "23.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability has been discovered in the Citrix Secure Access client for Ubuntu\u003c/span\u003e\u0026nbsp;which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.\u003cbr\u003e"
}
],
"value": "\nA vulnerability has been discovered in the Citrix Secure Access client for Ubuntu\u00a0which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T21:36:52.664Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2023-24492",
"datePublished": "2023-07-11T21:36:52.664Z",
"dateReserved": "2023-01-24T15:49:52.579Z",
"dateUpdated": "2024-11-07T15:18:05.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1222 (GCVE-0-2025-1222)
Vulnerability from cvelistv5
Published
2025-02-20 00:05
Modified
2025-02-20 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- cwe-693
Summary
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Secure Access Client for Mac |
Version: 25 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1222",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T16:27:31.008185Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T16:27:56.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secure Access Client for Mac",
"vendor": "Citrix",
"versions": [
{
"lessThan": "01.2",
"status": "affected",
"version": "25",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac"
}
],
"value": "An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-693",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T00:05:23.829Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX692679-citrix-secure-access-client-for-mac-security-bulletin-for-cve20251222-and-cve20251223?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-1222",
"datePublished": "2025-02-20T00:05:23.829Z",
"dateReserved": "2025-02-11T05:59:25.290Z",
"dateUpdated": "2025-02-20T16:27:56.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24491 (GCVE-0-2023-24491)
Vulnerability from cvelistv5
Published
2023-07-11 21:13
Modified
2024-11-07 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability has been discovered in the Citrix Secure Access client for Windows
which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Secure Access client for Windows |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX561480/citrix-secure-access-client-for-windows-security-bulletin-for-cve202324491"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:secure_access_client:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "secure_access_client",
"vendor": "citrix",
"versions": [
{
"lessThan": "23.5.1.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T15:20:05.532600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:20:58.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Citrix Secure Access client for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "23.5.1.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability has been discovered in the Citrix Secure Access client for Windows\u003c/span\u003e\n\n\n\nwhich, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNT AUTHORITY\\SYSTEM.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nA vulnerability has been discovered in the Citrix Secure Access client for Windows\n\n\n\nwhich, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of\u00a0NT AUTHORITY\\SYSTEM.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T21:13:05.305Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX561480/citrix-secure-access-client-for-windows-security-bulletin-for-cve202324491"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2023-24491",
"datePublished": "2023-07-11T21:13:05.305Z",
"dateReserved": "2023-01-24T15:49:52.579Z",
"dateUpdated": "2024-11-07T15:20:58.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2025-02-20 01:15
Modified
2025-08-06 17:34
Severity ?
Summary
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | secure_access_client | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F13B74B0-DCE3-45D9-ACFF-0492B4BE0EB5",
"versionEndExcluding": "25.01.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac"
},
{
"lang": "es",
"value": "Un atacante puede obtener privilegios de aplicaci\u00f3n para realizar modificaciones limitadas y/o leer datos arbitrarios en Citrix Secure Access Client para Mac"
}
],
"id": "CVE-2025-1222",
"lastModified": "2025-08-06T17:34:08.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "secure@citrix.com",
"type": "Secondary"
}
]
},
"published": "2025-02-20T01:15:09.707",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/s/article/CTX692679-citrix-secure-access-client-for-mac-security-bulletin-for-cve20251222-and-cve20251223?language=en_US"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-20 01:15
Modified
2025-08-06 17:34
Severity ?
Summary
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | secure_access_client | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F13B74B0-DCE3-45D9-ACFF-0492B4BE0EB5",
"versionEndExcluding": "25.01.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in\u00a0Citrix Secure Access Client for Mac"
},
{
"lang": "es",
"value": "Un atacante puede obtener privilegios de aplicaci\u00f3n para realizar modificaciones limitadas y/o leer datos arbitrarios en Citrix Secure Access Client para Mac"
}
],
"id": "CVE-2025-1223",
"lastModified": "2025-08-06T17:34:41.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "secure@citrix.com",
"type": "Secondary"
}
]
},
"published": "2025-02-20T01:15:09.837",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/s/article/CTX692679-citrix-secure-access-client-for-mac-security-bulletin-for-cve20251222-and-cve20251223?language=en_US"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "secure@citrix.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-06 19:15
Modified
2025-01-15 16:50
Severity ?
7.6 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
7.6 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
7.6 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Summary
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ | Press/Media Coverage | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://bst.cisco.com/quickview/bug/CSCwk05814 | Vendor Advisory | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://datatracker.ietf.org/doc/html/rfc2131#section-7 | Related | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://datatracker.ietf.org/doc/html/rfc3442#section-7 | Related | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://fortiguard.fortinet.com/psirt/FG-IR-24-170 | Vendor Advisory | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://issuetracker.google.com/issues/263721377 | Issue Tracking | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ | Press/Media Coverage | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic | Issue Tracking | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision | Third Party Advisory | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://my.f5.com/manage/s/article/K000139553 | Vendor Advisory | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://news.ycombinator.com/item?id=40279632 | Issue Tracking | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://news.ycombinator.com/item?id=40284111 | Issue Tracking | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://security.paloaltonetworks.com/CVE-2024-3661 | Vendor Advisory | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 | Vendor Advisory | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://tunnelvisionbug.com/ | Exploit, Third Party Advisory | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://www.agwa.name/blog/post/hardening_openvpn_for_def_con | Related | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://www.leviathansecurity.com/research/tunnelvision | Third Party Advisory | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ | Press/Media Coverage | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 | Mitigation, Third Party Advisory | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ | Exploit, Press/Media Coverage | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bst.cisco.com/quickview/bug/CSCwk05814 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://datatracker.ietf.org/doc/html/rfc2131#section-7 | Related | |
| af854a3a-2127-422b-91ae-364da2661108 | https://datatracker.ietf.org/doc/html/rfc3442#section-7 | Related | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.fortinet.com/psirt/FG-IR-24-170 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issuetracker.google.com/issues/263721377 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ | Exploit, Press/Media Coverage | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://my.f5.com/manage/s/article/K000139553 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://news.ycombinator.com/item?id=40279632 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://news.ycombinator.com/item?id=40284111 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.paloaltonetworks.com/CVE-2024-3661 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tunnelvisionbug.com/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.agwa.name/blog/post/hardening_openvpn_for_def_con | Related | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.leviathansecurity.com/research/tunnelvision | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ | Exploit, Press/Media Coverage | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | forticlient | * | |
| fortinet | forticlient | * | |
| fortinet | forticlient | * | |
| fortinet | forticlient | 7.4.0 | |
| fortinet | forticlient | 7.4.0 | |
| fortinet | forticlient | 7.4.0 | |
| cisco | anyconnect_vpn_client | - | |
| cisco | secure_client | - | |
| paloaltonetworks | globalprotect | * | |
| paloaltonetworks | globalprotect | * | |
| paloaltonetworks | globalprotect | * | |
| paloaltonetworks | globalprotect | * | |
| citrix | secure_access_client | * | |
| apple | iphone_os | - | |
| apple | macos | - | |
| citrix | secure_access_client | * | |
| linux | linux_kernel | - | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| watchguard | ipsec_mobile_vpn_client | * | |
| watchguard | ipsec_mobile_vpn_client | * | |
| watchguard | mobile_vpn_with_ssl | * | |
| watchguard | mobile_vpn_with_ssl | * | |
| zscaler | client_connector | * | |
| zscaler | client_connector | * | |
| zscaler | client_connector | * | |
| zscaler | client_connector | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "F0918F54-0052-42BD-A73E-CFF198B9EC48",
"versionEndExcluding": "7.2.5",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "81B7F626-84B5-47A5-959F-735D6250C147",
"versionEndExcluding": "7.2.5",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5E714EAF-73AB-41EA-AC57-E59B78FD7853",
"versionEndExcluding": "7.2.5",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "7B728862-1FAB-47B4-823D-2C19CBF76DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "0A079CA4-D957-402A-B899-31F26A89DF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "6B512696-8596-4458-ADC9-24DD3C6C377B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:anyconnect_vpn_client:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59289E79-5A0A-4675-B7D4-C759401736A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_client:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE81F5D2-269B-4098-AA9F-2DBCA3CB8813",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8EEBB31D-BC9C-4EAD-86B1-8B95AB118A2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "4814D5DB-A96C-4D91-9DAE-87FF0DA101D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "72F88FEB-766B-4FCD-B78E-0E8E5E2B5CCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D5537140-CDA3-4410-B101-24D1AB3624EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB344FC1-AD7C-4988-A703-8B2CD0AEF57C",
"versionEndExcluding": "24.06.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "697D4070-101A-45B1-99B1-F33ECF03945C",
"versionEndExcluding": "24.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB16CE4D-183C-44B9-A5FF-6F9FA3C0A618",
"versionEndIncluding": "7.2.5",
"versionStartIncluding": "7.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7F605E-EB10-40FB-98D6-7E3A95E310BC",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8FEC1DE-D11F-4DC8-8B21-51BAF1731A5F",
"versionEndIncluding": "16.1.5",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE3A941-B898-4EAB-9073-C6A312E59FC5",
"versionEndIncluding": "17.1.2",
"versionStartIncluding": "17.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:watchguard:ipsec_mobile_vpn_client:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "FFB4A7FD-AC96-490D-9CBB-72166D46C4FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:ipsec_mobile_vpn_client:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "2EAD2DBA-3038-4EF8-8BAE-80BD3DA97B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:mobile_vpn_with_ssl:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "AB8A39F6-8AD5-4B9D-92E4-7E28EE78C5B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:mobile_vpn_with_ssl:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "0AF97158-6BB8-47CA-8214-98D2F801C8BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "1F206869-8FCE-40AE-ADDC-62F221E00004",
"versionEndExcluding": "1.5.1.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "7D37D825-E2B8-4924-AA8A-ACB0E08A3C61",
"versionEndExcluding": "4.2.0.282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "4EC77FDF-1E1A-4638-9C9F-DA4205FDD69B",
"versionEndExcluding": "3.7.0.134",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zscaler:client_connector:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "C057E1BC-C7BA-4EAF-8200-560035118FA0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
},
{
"lang": "es",
"value": "Por dise\u00f1o, el protocolo DHCP no autentica mensajes, incluida, por ejemplo, la opci\u00f3n de ruta est\u00e1tica sin clases (121). Un atacante con la capacidad de enviar mensajes DHCP puede manipular rutas para redirigir el tr\u00e1fico VPN, lo que le permite leer, interrumpir o posiblemente modificar el tr\u00e1fico de red que se esperaba que estuviera protegido por la VPN. Muchos, si no la mayor\u00eda, de los sistemas VPN basados en enrutamiento IP son susceptibles a este tipo de ataques."
}
],
"id": "CVE-2024-3661",
"lastModified": "2025-01-15T16:50:28.667",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-06T19:15:11.027",
"references": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Press/Media Coverage"
],
"url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
],
"url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Related"
],
"url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Related"
],
"url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Issue Tracking"
],
"url": "https://issuetracker.google.com/issues/263721377"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Press/Media Coverage"
],
"url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Issue Tracking"
],
"url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory"
],
"url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000139553"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=40279632"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=40284111"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-3661"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://tunnelvisionbug.com/"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Related"
],
"url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory"
],
"url": "https://www.leviathansecurity.com/research/tunnelvision"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Press/Media Coverage"
],
"url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Related"
],
"url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Related"
],
"url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://issuetracker.google.com/issues/263721377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Press/Media Coverage"
],
"url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000139553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=40279632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=40284111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-3661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://tunnelvisionbug.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Related"
],
"url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.leviathansecurity.com/research/tunnelvision"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Press/Media Coverage"
],
"url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
}
],
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
},
{
"lang": "en",
"value": "CWE-501"
}
],
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-17 14:15
Modified
2025-08-06 17:35
Severity ?
Summary
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | secure_access_client | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3606FC7C-D760-468D-8E77-1C59214A3FF2",
"versionEndExcluding": "25.5.1.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows"
},
{
"lang": "es",
"value": "La escalada de privilegios locales permite que un usuario con pocos privilegios obtenga permisos de SYSTEM en Citrix Secure Access Client para Windows"
}
],
"id": "CVE-2025-0320",
"lastModified": "2025-08-06T17:35:43.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "secure@citrix.com",
"type": "Secondary"
}
]
},
"published": "2025-06-17T14:15:30.270",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694724"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 22:15
Modified
2024-11-21 07:47
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been discovered in the Citrix Secure Access client for Windows
which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secure@citrix.com | https://support.citrix.com/article/CTX561480/citrix-secure-access-client-for-windows-security-bulletin-for-cve202324491 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX561480/citrix-secure-access-client-for-windows-security-bulletin-for-cve202324491 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | secure_access_client | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D61B4AB-FAA7-4CB5-9D47-C7DCE6951A4A",
"versionEndExcluding": "23.5.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nA vulnerability has been discovered in the Citrix Secure Access client for Windows\n\n\n\nwhich, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of\u00a0NT AUTHORITY\\SYSTEM.\n"
}
],
"id": "CVE-2023-24491",
"lastModified": "2024-11-21T07:47:58.187",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T22:15:09.750",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX561480/citrix-secure-access-client-for-windows-security-bulletin-for-cve202324491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX561480/citrix-secure-access-client-for-windows-security-bulletin-for-cve202324491"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 22:15
Modified
2024-11-21 07:47
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secure@citrix.com | https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | secure_access_client | * | |
| canonical | ubuntu_linux | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BCE71C-4A98-43E1-BCB0-DB92CE369902",
"versionEndExcluding": "23.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "019A2188-0877-45DE-8512-F0BF70DD179C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nA vulnerability has been discovered in the Citrix Secure Access client for Ubuntu\u00a0which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.\n"
}
],
"id": "CVE-2023-24492",
"lastModified": "2024-11-21T07:47:58.317",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T22:15:09.817",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}