Citrix Workspace app for Windows Security Bulletin CVE-2024-7889 and CVE-2024-7890
CTX Number: CTX691485
Article Type: Security Bulletin
Created Date: 10/Sep/2024
Last Modified Date: 10/Sep/2024
Severity: High
Description of Problem
Two vulnerabilities have been discovered that impact the Citrix Workspace app for Windows.
Affected Versions
The vulnerabilities affect the following supported versions of the Citrix Workspace app for Windows.
Current Release (CR)
- Citrix Workspace app for Windows versions BEFORE 2405
Long Term Service Release (LTSR)
- Citrix Workspace app for Windows versions BEFORE 2402 LTSR CU1
Summary
| CVE-ID | Description | Pre-conditions | CWE | CVSS |
| --- | --- | --- | --- | --- |
| CVE-2024-7889 | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges | Local access to the target system | CWE-664: Improper Control of a Resource Through its Lifetime | CVSS v4.0 Base Score: 7.0 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) |
| CVE-2024-7890 | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges | Local access to the target system | CWE-269: Improper Privilege Management | CVSS v4.0 Base Score: 5.4 (CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) |
What Customers Should Do
Citrix strongly recommends that customers upgrade their Citrix Workspace app for Windows to versions that contain the fixes as soon as possible.
Citrix Workspace app for Windows versions that contain the fixes are:
Current Release (CR)
- Citrix Workspace app for Windows 2405 and later versions
Long Term Service Release (LTSR)
- Citrix Workspace app for Windows 2402 CU1 LTSR and later versions