CVE-2024-7890

Published: Sep 11, 2024Modified: Oct 22, 2024

5.4

Vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: secure@citrix.com (Secondary)

Description

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

Affected (10)

Products: Citrix: Workspace

Citrix

1 product

Workspace

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Citrix Workspace	Before 2203.1
Citrix Workspace	Version 2203.1 cu1
Citrix Workspace	Version 2203.1 cu2
Citrix Workspace	Version 2203.1 cu3
Citrix Workspace	Version 2203.1 cu4
Citrix Workspace	Version 2203.1 cu5
Citrix Workspace	Version 2203.1 cu6_hotfix1
Citrix Workspace	Version 2203.1 cu6_hotfix2
Citrix Workspace	Version 2402

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Citrix Workspace	Before 2405

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US

Source: secure@citrix.com

Vendor Advisory

Timeline

No history available yet.