CVE-2024-7890Improper Privilege Management in Citrix Workspace APP FOR Windows

CWE-269Improper Privilege ManagementCWE-664Improper Control of a Resource Through its LifetimeCWE-416Use After Free5 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 68.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Citrix Workspace APP FOR WindowsCitrix WorkspaceCitrix Workspace+2 more
Timeline
PublishedSep 11
Latest updateSep 12

Description

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages6 packages

CVEListV5citrix/citrix_workspace_app_for_windowsCurrent Release (CR) 02405+1
NVDcitrix/workspace< 2203.1+3

🔴Vulnerability Details

1
GHSA
GHSA-p7wm-h6q7-mx95: Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows2024-09-12

📋Vendor Advisories

2
Citrix
CVE-2024-7890: Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows2024-09-11
Citrix
Citrix Workspace app for Windows Security Bulletin CVE-2024-7889 and CVE-2024-78902024-09-10