CVE-2024-7889

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:citrix:workspace:::::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:cu1:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:cu2:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:cu3:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:cu4:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:cu5:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:cu6_hotfix1:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:cu6_hotfix2:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2402:-:::ltsr:windows::

Configuration 2 (hide)

cpe:2.3:a:citrix:workspace:*:*:*:*:-:windows:*:*

History

22 Oct 2024, 14:50

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.3
References	~~() https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US -~~	() https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US - Vendor Advisory
First Time		Citrix workspace Citrix
CPE		cpe:2.3:a:citrix:workspace:2203.1:cu5:::ltsr:windows:: cpe:2.3:a:citrix:workspace:::::-:windows:: cpe:2.3:a:citrix:workspace:2203.1:cu4:::ltsr:windows:: cpe:2.3:a:citrix:workspace:2203.1:cu3:::ltsr:windows:: cpe:2.3:a:citrix:workspace:2203.1:cu6_hotfix2:::ltsr:windows:: cpe:2.3:a:citrix:workspace:::::ltsr:windows:: cpe:2.3:a:citrix:workspace:2203.1:cu6_hotfix1:::ltsr:windows:: cpe:2.3:a:citrix:workspace:2203.1:cu2:::ltsr:windows:: cpe:2.3:a:citrix:workspace:2402:-:::ltsr:windows:: cpe:2.3:a:citrix:workspace:2203.1:cu1:::ltsr:windows::

13 Sep 2024, 18:35

Type	Values Removed	Values Added
CWE		CWE-664

12 Sep 2024, 12:35

Type	Values Removed	Values Added
Summary		(es) La escalada de privilegios locales permite que un usuario con pocos privilegios obtenga permisos de SYSTEM en la aplicación Citrix Workspace para Windows

11 Sep 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-11 23:15

Updated : 2024-10-22 14:50

NVD link : CVE-2024-7889

Mitre link : CVE-2024-7889

CVE.ORG link : CVE-2024-7889

JSON object : View

Products Affected

citrix

workspace

CWE

NVD-CWE-noinfo CWE-664

Improper Control of a Resource Through its Lifetime

{"id": "CVE-2024-7889", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}], "cvssMetricV40": [{"type": "Secondary", "source": "secure@citrix.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 7.0, "automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-11T23:15:10.023", "references": [{"url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US", "tags": ["Vendor Advisory"], "source": "secure@citrix.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-664"}]}], "descriptions": [{"lang": "en", "value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges\u00a0in\u00a0Citrix Workspace app for Windows"}, {"lang": "es", "value": "La escalada de privilegios locales permite que un usuario con pocos privilegios obtenga permisos de SYSTEM en la aplicaci\u00f3n Citrix Workspace para Windows"}], "lastModified": "2024-10-22T14:50:55.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:ltsr:windows:*:*", "vulnerable": true, "matchCriteriaId": "9F223A0E-ACB8-4448-9F53-BEAC3420D3CF", "versionEndExcluding": "2203.1"}, {"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu1:*:*:ltsr:windows:*:*", "vulnerable": true, "matchCriteriaId": "A1A14B8C-1B61-4682-AABE-4732B65E51BC"}, {"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu2:*:*:ltsr:windows:*:*", "vulnerable": true, "matchCriteriaId": "B7B2DFE4-4965-46F8-A8E6-28E88EE1E8A8"}, {"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu3:*:*:ltsr:windows:*:*", "vulnerable": true, "matchCriteriaId": "8C9D0ACE-55C4-4AB3-AC48-91AF823A8D8B"}, {"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu4:*:*:ltsr:windows:*:*", "vulnerable": true, "matchCriteriaId": "0F12A663-578A-43D8-B141-31EC36BC72C4"}, {"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu5:*:*:ltsr:windows:*:*", "vulnerable": true, "matchCriteriaId": "9AC216C0-F7A6-4B71-8F3E-76C6ACC71F60"}, {"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu6_hotfix1:*:*:ltsr:windows:*:*", "vulnerable": true, "matchCriteriaId": "D7906C9C-9414-42D0-84EF-6447C4E5980F"}, {"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu6_hotfix2:*:*:ltsr:windows:*:*", "vulnerable": true, "matchCriteriaId": "2C6ABB6B-C406-42EC-B46A-E6FF478D7607"}, {"criteria": "cpe:2.3:a:citrix:workspace:2402:-:*:*:ltsr:windows:*:*", "vulnerable": true, "matchCriteriaId": "54058497-4D16-4C1F-8A75-D4C5F8B11FCD"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:-:windows:*:*", "vulnerable": true, "matchCriteriaId": "E588BF02-9C6F-4D41-8AF4-2DFFB2B06CA4", "versionEndExcluding": "2405"}], "operator": "OR"}]}], "sourceIdentifier": "secure@citrix.com"}

7.3 /10