VYPR
Unrated severity · NVD Advisory · Published Sep 10, 2024 · Updated Sep 10, 2024

CVE-2024-42423

Description

Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Citrix Workspace App on Dell ThinOS has incorrect authorization when CEB is enabled, letting low-privilege local users access restricted actions.

Vulnerability

Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. This flaw allows a local unauthenticated user with low privileges to bypass intended access controls [1].

Exploitation

An attacker must have local low-privilege access to the affected Dell ThinOS system where Citrix Workspace App is installed and Citrix CEB is enabled for WebLogin. No authentication is required beyond existing low-privilege access; the attacker can exploit the incorrect authorization check to perform actions that should be restricted.

Impact

Successful exploitation leads to unauthorized actions, specifically information disclosure and tampering. The attacker gains the ability to read sensitive information and modify data that should be protected, without needing higher privileges [1].

Mitigation

Dell has released a security update addressing this vulnerability as part of DSA-2024-229. Users should apply the latest updates for Dell ThinOS. No workaround was disclosed in the available references. The vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

References

1
