CVE-2024-7890
published 2024-09-11CVE-2024-7890: Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
PriorityP336high7.3CVSS 3.1
AVLACLPRLUIRSUCHIHAH
EPSS
0.18%
7.5th percentile
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_workspace | — | — |
| citrix | citrix_workspace_app | — | — |
| citrix | citrix_workspace_app_for_windows | >= Current Release (CR) 0 < 2405 | 2405 |
| citrix | citrix_workspace_app_for_windows | >= Long Term Service Release (LTSR) 0 < 2402 LTSR CU1 | 2402 LTSR CU1 |
| citrix | workspace | < 2203.1 | 2203.1 |
| citrix | workspace | < 2405 | 2405 |
| citrix | workspace | — | — |
| citrix | workspace | — | — |
| citrix | workspace | — | — |
| citrix | xenserver | — | — |
CVSS provenance
nvdv3.17.3HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvdv4.05.4MEDIUMCVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p7wm-h6q7-mx95: Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
ghsa_unreviewed·2024-09-12
CVE-2024-7890 [MEDIUM] CWE-269 GHSA-p7wm-h6q7-mx95: Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Citrix
CVE-2024-7890: Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
vendor_citrix·2024-09-11·CVSS 7.3
CVE-2024-7890 [HIGH] CWE-269 CVE-2024-7890: Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
CVE-2024-7890: Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Citrix
Citrix Workspace app for Windows Security Bulletin CVE-2024-7889 and CVE-2024-7890
vendor_citrix·2024-09-10·CVSS 7.0
CVE-2024-7889 [HIGH] CWE-269 Citrix Workspace app for Windows Security Bulletin CVE-2024-7889 and CVE-2024-7890
Citrix Workspace app for Windows Security Bulletin CVE-2024-7889 and CVE-2024-7890
of Problem Two vulnerabilities have been discovered that impact the Citrix Workspace app for Windows.
CVE References: CVE-2024-7889, CVE-2024-7890
Affected Products: Citrix Workspace app, XenServer, workspace
Severity: High
CVSS Score: 7.0
Remediation:
Citrix strongly recommends that customers upgrade their Citrix Workspace app for Windows to versions that contain the fixes as soon as possible. Citrix Workspace app for Windows versions that contain the fixes are: Current Release (CR) Citrix Workspace app for Windows 2405 and later versions Long Term Service Release (LTSR) Citrix Workspace app for Windows 2402 CU1 LTSR and later versions Citrix Workspace app for Windows 2203.1 LTSR CU6 Hotfix 3 - https://s
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-09-11
Published