CVE-2024-7890 - OpenCVE

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Citrix	Workspace App

No data.

No data.

References

Link	Providers
https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US

History

Fri, 13 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Citrix Citrix workspace App
Weaknesses		CWE-269
CPEs		cpe:2.3:a:citrix:workspace_app::::::windows::* cpe:2.3:a:citrix:workspace_app:::::ltsr:windows::
Vendors & Products		Citrix Citrix workspace App
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 22:45:00 +0000

Type	Values Removed	Values Added
Description		Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Title		Local privilege escalation allows a low-privileged user to gain SYSTEM privileges
References		https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US
Metrics		cvssV4_0 `{'score': 5.4, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Citrix

Published: 2024-09-11T22:32:17.479Z

Updated: 2024-09-13T17:30:03.503Z

Reserved: 2024-08-16T16:50:37.055Z

Link: CVE-2024-7890

Vulnrichment

Updated: 2024-09-13T17:18:15.433Z

NVD

Status : Awaiting Analysis

Published: 2024-09-11T23:15:10.133

Modified: 2024-09-13T18:35:19.517

Link: CVE-2024-7890

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7890", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2024-08-16T16:50:37.055Z", "datePublished": "2024-09-11T22:32:17.479Z", "dateUpdated": "2024-09-13T17:30:03.503Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Citrix Workspace app for Windows", "vendor": "Citrix", "versions": [{"lessThan": "2405", "status": "affected", "version": "Current Release (CR) 0", "versionType": "patch"}, {"lessThan": "2402 LTSR CU1", "status": "affected", "version": "Long Term Service Release (LTSR) 0", "versionType": "patch"}]}], "datePublic": "2024-09-10T22:28:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(252, 252, 252);\">Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows</span><br>"}], "value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-09-11T22:32:17.479Z"}, "references": [{"url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US"}], "source": {"discovery": "UNKNOWN"}, "title": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-269", "lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "affected": [{"vendor": "citrix", "product": "workspace_app", "cpes": ["cpe:2.3:a:citrix:workspace_app:*:*:*:*:*:windows:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "2405", "versionType": "custom"}]}, {"vendor": "citrix", "product": "workspace_app", "cpes": ["cpe:2.3:a:citrix:workspace_app:*:*:*:*:ltsr:windows:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "2402_cu1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-12T03:55:28.595311Z", "id": "CVE-2024-7890", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T17:30:03.503Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7890", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-12T03:55:28.595311Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:citrix:workspace_app:*:*:*:*:*:windows:*:*"], "vendor": "citrix", "product": "workspace_app", "versions": [{"status": "affected", "version": "0", "lessThan": "2405", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:citrix:workspace_app:*:*:*:*:ltsr:windows:*:*"], "vendor": "citrix", "product": "workspace_app", "versions": [{"status": "affected", "version": "0", "lessThan": "2402_cu1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T17:18:15.433Z"}}], "cna": {"title": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Citrix", "product": "Citrix Workspace app for Windows", "versions": [{"status": "affected", "version": "Current Release (CR) 0", "lessThan": "2405", "versionType": "patch"}, {"status": "affected", "version": "Long Term Service Release (LTSR) 0", "lessThan": "2402 LTSR CU1", "versionType": "patch"}], "defaultStatus": "unaffected"}], "datePublic": "2024-09-10T22:28:00.000Z", "references": [{"url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(252, 252, 252);\">Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows</span><br>", "base64": false}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-09-11T22:32:17.479Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7890", "state": "PUBLISHED", "dateUpdated": "2024-09-13T17:30:03.503Z", "dateReserved": "2024-08-16T16:50:37.055Z", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "datePublished": "2024-09-11T22:32:17.479Z", "assignerShortName": "Citrix"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows"}, {"lang": "es", "value": "La escalada de privilegios locales permite que un usuario con pocos privilegios obtenga permisos de SYSTEM en la aplicaci\u00f3n Citrix Workspace para Windows"}], "id": "CVE-2024-7890", "lastModified": "2024-09-13T18:35:19.517", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "secure@citrix.com", "type": "Secondary"}]}, "published": "2024-09-11T23:15:10.133", "references": [{"source": "secure@citrix.com", "url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}