CVE-2024-6150 - Vulnerability Details - OpenCVE

ReportizFlow

A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://support.citrix.com/article/CTX678025

History

Tue, 29 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-863
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Citrix

Published: 2024-07-10T20:31:26.370Z

Updated: 2024-10-29T18:21:15.712Z

Reserved: 2024-06-18T21:14:34.056Z

Link: CVE-2024-6150

Vulnrichment

Updated: 2024-08-01T21:33:04.941Z

NVD

Status : Awaiting Analysis

Published: 2024-07-10T21:15:10.920

Modified: 2024-11-21T09:49:04.327

Link: CVE-2024-6150

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6150", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2024-06-18T21:14:34.056Z", "datePublished": "2024-07-10T20:31:26.370Z", "dateUpdated": "2024-10-29T18:21:15.712Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Citrix Provisioning", "vendor": "Citrix", "versions": [{"lessThan": "0", "status": "affected", "version": "2402", "versionType": "patch"}, {"lessThan": "CU5", "status": "affected", "version": "22.3 LTSR", "versionType": "patch"}, {"lessThan": "CU9", "status": "affected", "version": "1912 LTSR", "versionType": "patch"}]}], "datePublic": "2024-07-09T20:29:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b><span style=\"background-color: transparent;\">A non-admin user can cause short-term disruption in Target VM availability </span></b>in<b><span style=\"background-color: transparent;\"> Citrix Provisioning</span></b><br>"}], "value": "A non-admin user can cause short-term disruption in Target VM availability\u00a0in\u00a0Citrix Provisioning"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 4.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-07-10T20:31:26.370Z"}, "references": [{"url": "https://support.citrix.com/article/CTX678025"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-863", "lang": "en", "description": "CWE-863 Incorrect Authorization"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-11T14:46:53.544580Z", "id": "CVE-2024-6150", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T18:21:15.712Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:33:04.941Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.citrix.com/article/CTX678025", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.citrix.com/article/CTX678025", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:33:04.941Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6150", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-11T14:46:53.544580Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T14:46:57.871Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Citrix", "product": "Citrix Provisioning", "versions": [{"status": "affected", "version": "2402", "lessThan": "0", "versionType": "patch"}, {"status": "affected", "version": "22.3 LTSR", "lessThan": "CU5", "versionType": "patch"}, {"status": "affected", "version": "1912 LTSR", "lessThan": "CU9", "versionType": "patch"}], "defaultStatus": "unaffected"}], "datePublic": "2024-07-09T20:29:00.000Z", "references": [{"url": "https://support.citrix.com/article/CTX678025"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A non-admin user can cause short-term disruption in Target VM availability\u00a0in\u00a0Citrix Provisioning", "supportingMedia": [{"type": "text/html", "value": "<b><span style=\"background-color: transparent;\">A non-admin user can cause short-term disruption in Target VM availability </span></b>in<b><span style=\"background-color: transparent;\"> Citrix Provisioning</span></b><br>", "base64": false}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-07-10T20:31:26.370Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6150", "state": "PUBLISHED", "dateUpdated": "2024-10-29T18:21:15.712Z", "dateReserved": "2024-06-18T21:14:34.056Z", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "datePublished": "2024-07-10T20:31:26.370Z", "assignerShortName": "Citrix"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A non-admin user can cause short-term disruption in Target VM availability\u00a0in\u00a0Citrix Provisioning"}, {"lang": "es", "value": "Un usuario que no sea administrador puede provocar una interrupci\u00f3n a corto plazo en la disponibilidad de la m\u00e1quina virtual de destino en Citrix Provisioning"}], "id": "CVE-2024-6150", "lastModified": "2024-11-21T09:49:04.327", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-07-10T21:15:10.920", "references": [{"source": "[email protected]", "url": "https://support.citrix.com/article/CTX678025"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.citrix.com/article/CTX678025"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}