
Cloud Software Group has disclosed two vulnerabilities affecting Citrix Workspace app for Windows that could allow a malicious actor with low-level access to escalate their privileges to the highest level (SYSTEM), potentially taking complete control of a compromised system.
Vulnerability Details:
- The first vulnerability is tracked as CVE-2024-7889 and has a CVSSv4 score of 7.0. Successful exploitation could allow a local attacker to execute arbitrary code with SYSTEM privileges.
- The second vulnerability is tracked as CVE-2024-7890 and has a CVSSv4 score of 5.4. An attacker could exploit this flaw to gain elevated privileges, but exploitation might require additional steps or conditions.
Affected Versions:
- Long Term Service Release (LTSR): Citrix Workspace app for Windows versions BEFORE 2402 LTSR CU1. Upgrade to Citrix Workspace app for Windows 2405 or later.
- Current Release (CR): Citrix Workspace app for Windows versions BEFORE 2405. Upgrade to Citrix Workspace app for Windows 2402 LTSR CU1 or later.
Security researcher Sandro Poppi responsibly disclosed these vulnerabilities and worked with Cloud Software Group to ensure remediation.

