CVE-2024-7889 - OpenCVE

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Citrix	Workspace App

No data.

No data.

References

Link	Providers
https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US

History

Fri, 13 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Citrix Citrix workspace App
Weaknesses		CWE-664
CPEs		cpe:2.3:a:citrix:workspace_app::::::windows::* cpe:2.3:a:citrix:workspace_app:::::ltsr:windows::
Vendors & Products		Citrix Citrix workspace App
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 22:30:00 +0000

Type	Values Removed	Values Added
Description		Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Title		Local privilege escalation allows a low-privileged user to gain SYSTEM privileges
References		https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US
Metrics		cvssV4_0 `{'score': 7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Citrix

Published: 2024-09-11T22:16:41.209Z

Updated: 2024-09-13T17:29:12.344Z

Reserved: 2024-08-16T16:50:35.785Z

Link: CVE-2024-7889

Vulnrichment

Updated: 2024-09-13T17:22:22.933Z

NVD

Status : Awaiting Analysis

Published: 2024-09-11T23:15:10.023

Modified: 2024-09-13T18:35:18.777

Link: CVE-2024-7889

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7889", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2024-08-16T16:50:35.785Z", "datePublished": "2024-09-11T22:16:41.209Z", "dateUpdated": "2024-09-13T17:29:12.344Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Citrix Workspace app for Windows", "vendor": "Citrix", "versions": [{"lessThan": "2405", "status": "affected", "version": "Current Release (CR)", "versionType": "patch"}, {"lessThan": "2402 LTSR CU1", "status": "affected", "version": "Long Term Service Release (LTSR)", "versionType": "patch"}]}], "datePublic": "2024-09-10T22:12:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Local privilege escalation allows a low-privileged user to gain SYSTEM privileges</span> in Citrix Workspace app for Windows"}], "value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges\u00a0in\u00a0Citrix Workspace app for Windows"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-09-11T22:16:41.209Z"}, "references": [{"url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US"}], "source": {"discovery": "UNKNOWN"}, "title": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-664", "lang": "en", "description": "CWE-664 Improper Control of a Resource Through its Lifetime"}]}], "affected": [{"vendor": "citrix", "product": "workspace_app", "cpes": ["cpe:2.3:a:citrix:workspace_app:*:*:*:*:*:windows:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "2405", "versionType": "custom"}]}, {"vendor": "citrix", "product": "workspace_app", "cpes": ["cpe:2.3:a:citrix:workspace_app:*:*:*:*:ltsr:windows:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "2402_cu1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-12T03:55:27.338267Z", "id": "CVE-2024-7889", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T17:29:12.344Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7889", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-12T03:55:27.338267Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:citrix:workspace_app:*:*:*:*:*:windows:*:*"], "vendor": "citrix", "product": "workspace_app", "versions": [{"status": "affected", "version": "0", "lessThan": "2405", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:citrix:workspace_app:*:*:*:*:ltsr:windows:*:*"], "vendor": "citrix", "product": "workspace_app", "versions": [{"status": "affected", "version": "0", "lessThan": "2402_cu1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-664", "description": "CWE-664 Improper Control of a Resource Through its Lifetime"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T17:22:22.933Z"}}], "cna": {"title": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Citrix", "product": "Citrix Workspace app for Windows", "versions": [{"status": "affected", "version": "Current Release (CR)", "lessThan": "2405", "versionType": "patch"}, {"status": "affected", "version": "Long Term Service Release (LTSR)", "lessThan": "2402 LTSR CU1", "versionType": "patch"}], "defaultStatus": "unaffected"}], "datePublic": "2024-09-10T22:12:00.000Z", "references": [{"url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges\u00a0in\u00a0Citrix Workspace app for Windows", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Local privilege escalation allows a low-privileged user to gain SYSTEM privileges</span> in Citrix Workspace app for Windows", "base64": false}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-09-11T22:16:41.209Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7889", "state": "PUBLISHED", "dateUpdated": "2024-09-13T17:29:12.344Z", "dateReserved": "2024-08-16T16:50:35.785Z", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "datePublished": "2024-09-11T22:16:41.209Z", "assignerShortName": "Citrix"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges\u00a0in\u00a0Citrix Workspace app for Windows"}, {"lang": "es", "value": "La escalada de privilegios locales permite que un usuario con pocos privilegios obtenga permisos de SYSTEM en la aplicaci\u00f3n Citrix Workspace para Windows"}], "id": "CVE-2024-7889", "lastModified": "2024-09-13T18:35:18.777", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "secure@citrix.com", "type": "Secondary"}]}, "published": "2024-09-11T23:15:10.023", "references": [{"source": "secure@citrix.com", "url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-664"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}