CVE-2024-7890 - Vulnerability Details

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Citrix	Workspace Workspace App

Configuration 1 [-]

OR	cpe:2.3:a:citrix:workspace:::::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:cu1:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:cu2:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:cu3:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:cu4:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:cu5:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:cu6_hotfix1:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:cu6_hotfix2:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2402:-:::ltsr:windows::

Configuration 2 [-]

cpe:2.3:a:citrix:workspace:*:*:*:*:-:windows:*:*

No data.

References

Link	Providers
https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US

History

Tue, 22 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Citrix workspace
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:citrix:workspace:::::-:windows:: cpe:2.3:a:citrix:workspace:::::ltsr:windows:: cpe:2.3:a:citrix:workspace:2203.1:cu1:::ltsr:windows:: cpe:2.3:a:citrix:workspace:2203.1:cu2:::ltsr:windows:: cpe:2.3:a:citrix:workspace:2203.1:cu3:::ltsr:windows:: cpe:2.3:a:citrix:workspace:2203.1:cu4:::ltsr:windows:: cpe:2.3:a:citrix:workspace:2203.1:cu5:::ltsr:windows:: cpe:2.3:a:citrix:workspace:2203.1:cu6_hotfix1:::ltsr:windows:: cpe:2.3:a:citrix:workspace:2203.1:cu6_hotfix2:::ltsr:windows:: cpe:2.3:a:citrix:workspace:2402:-:::ltsr:windows::
Vendors & Products		Citrix workspace
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}`

Fri, 13 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Citrix Citrix workspace App
Weaknesses		CWE-269
CPEs		cpe:2.3:a:citrix:workspace_app::::::windows::* cpe:2.3:a:citrix:workspace_app:::::ltsr:windows::
Vendors & Products		Citrix Citrix workspace App
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 22:45:00 +0000

Type	Values Removed	Values Added
Description		Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Title		Local privilege escalation allows a low-privileged user to gain SYSTEM privileges
References		https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US
Metrics		cvssV4_0 `{'score': 5.4, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Citrix

Published: 2024-09-11T22:32:17.479Z

Updated: 2024-09-13T17:30:03.503Z

Reserved: 2024-08-16T16:50:37.055Z

Link: CVE-2024-7890

Vulnrichment

Updated: 2024-09-13T17:18:15.433Z

NVD

Status : Analyzed

Published: 2024-09-11T23:15:10.133

Modified: 2024-10-22T14:53:32.763

Link: CVE-2024-7890

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object