CVE-2020-8207 — Improper Access Control in Citrix Workspace

CWE-284 — Improper Access Control CWE-287 — Improper Authentication4 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.7%

top 27.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Workspace Citrix Workspace Citrix Workspace APP +1 more

Timeline

PublishedJul 24

Latest updateMay 24

Description

Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶NVDcitrix/workspace1912, 2002+1

▶citrixcitrix/workspace

▶citrixcitrix/citrix_workspace

▶citrixcitrix/citrix_workspace_app

▶citrixcitrix/xenserver

🔴Vulnerability Details

GHSA

GHSA-4qr3-p83g-c72j: Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006↗2022-05-24

▶

📋Vendor Advisories

Citrix

Citrix Workspace app for Windows Security Update↗2020-09-08

▶

Citrix

CVE-2020-8207: Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic upda↗2020-07-24

▶