Citrix Workspace app for Windows vulnerable to Local Privilege Escalation Attack
CVE-2024-7889

7.3HIGH

Key Information:

Vendor: Citrix
Status: Citrix Workspace App For Windows
Vendor: CVE Published:; 11 September 2024

Summary

A local privilege escalation vulnerability exists within the Citrix Workspace app for Windows, which could allow low-privileged users to elevate their privileges to that of a system user. This situation poses a significant risk to system integrity as unauthorized access could lead to potential exploitation of other security weaknesses within the operating environment. Proper patching and system checks are essential to mitigate these risks. Citrix has released guidance for users to address this vulnerability and reinforce security protocols.

Affected Version(s)

Citrix Workspace app for Windows Current Release (CR) < 2405

Citrix Workspace app for Windows Long Term Service Release (LTSR) < 2402 LTSR CU1

References

https://support.citrix.com/s/article/CTX691485-citrix-wor...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 11, 2024
Vulnerability Reserved
Aug 16, 2024

Collectors

NVD DatabaseMitre Database