Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws

Summary: Cloud Software Group has announced two critical vulnerabilities in the Citrix Workspace app for Windows that could allow attackers to escalate privileges to SYSTEM level. Users are urged to update to the latest versions to mitigate these risks.

Threat Actor: Malicious Actors
Victim: Cloud Software Group Users | Cloud Software Group

Key Points:

  • Two vulnerabilities identified as CVE-2024-7889 (High severity, CVSSv4 score 7.0) and CVE-2024-7890 (Medium severity, CVSSv4 score 5.4).
  • Users are advised to upgrade to Citrix Workspace app for Windows 2405 or later for Current Release and 2402 LTSR CU1 or later for Long Term Service Release.
  • Security researcher Sandro Poppi was acknowledged for responsibly disclosing the vulnerabilities.

In a security advisory released recently, Cloud Software Group has disclosed two vulnerabilities affecting the widely used Citrix Workspace app for Windows. These vulnerabilities, identified as CVE-2024-7889 and CVE-2024-7890, could allow a malicious actor with low-level access to escalate their privileges to the highest level (SYSTEM), potentially taking complete control of a compromised system.

Affected Versions:

  • Current Release (CR): Citrix Workspace app for Windows versions BEFORE 2405
  • Long Term Service Release (LTSR): Citrix Workspace app for Windows versions BEFORE 2402 LTSR CU1

Vulnerability Details:

  • CVE-2024-7889: This vulnerability has a CVSSv4 score of 7.0, indicating a “High” severity level. Successful exploitation could allow a local attacker to execute arbitrary code with SYSTEM privileges.
  • CVE-2024-7890: With a CVSSv4 score of 5.4, this vulnerability is rated as “Medium” severity. An attacker could exploit this flaw to gain elevated privileges, but it might require additional steps or conditions.

Cloud Software Group has extended its thanks to security researcher Sandro Poppi for responsibly disclosing these vulnerabilities and working with them to ensure the safety of their customers.

Urgency of Update:

Cloud Software Group has strongly urged all users of the Citrix Workspace app for Windows to update to the latest versions that include the necessary security patches as soon as possible.

  • Current Release (CR): Upgrade to Citrix Workspace app for Windows 2405 or later
  • Long Term Service Release (LTSR): Upgrade to Citrix Workspace app for Windows 2402 LTSR CU1 or later

Source: https://securityonline.info/citrix-workspace-app-users-urged-to-update-following-two-privilege-escalation-flaws