Ubuntu
CVE-2023-24492
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
AnalysisAI
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. Affected products include: Citrix Secure Access Client.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
More in Secure Access Client
View allDHCP can add routes to a client’s routing table via the classless static route option (121). Rated high severity (CVSS 7
Remote code execution in Ivanti Secure Access Client versions prior to 22.8R6 allows unauthenticated attackers to run ar
Local privilege escalation vulnerability in Citrix Secure Access Client for Windows that allows an authenticated, low-pr
Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate t
Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate the
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the aff
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally au
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally au
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticate
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an a
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to d
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to mod
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today