CVE-2024-6286

Published: Jul 10, 2024Modified: Jul 25, 2025

8.5

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: secure@citrix.com (Secondary)

Description

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

Affected (9)

Products: Citrix: Workspace

Citrix

1 product

Workspace

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Citrix Workspace	Before 2403.1
Citrix Workspace	Before 2203.1
Citrix Workspace	Version 2203.1
Citrix Workspace	Version 2203.1 cu1
Citrix Workspace	Version 2203.1 cu2
Citrix Workspace	Version 2203.1 cu3
Citrix Workspace	Version 2203.1 cu4
Citrix Workspace	Version 2203.1 cu5
Citrix Workspace	Version 2203.1 cu6

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://support.citrix.com/article/CTX678036

Source: secure@citrix.com

Vendor Advisory

https://support.citrix.com/article/CTX678036

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.