Citrix Workspace app for Windows Security Bulletin CVE-2024-7889 and CVE-2024-7890
Description of Problem
Two vulnerabilities have been discovered that impact the Citrix Workspace app for Windows.
Affected Versions
The vulnerabilities affect the following supported versions of the Citrix Workspace app for Windows.
- Current Release (CR)
- Citrix Workspace app for Windows versions BEFORE 2405
- Long Term Service Release (LTSR)
- Citrix Workspace app for Windows versions BEFORE 2402 LTSR CU1
Summary
CVD-ID | Description | Pre-Requisites | CWE | CVSS |
CVE-2024-7889 | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges | Local access to the target system | CWE-664: Improper Control of a Resource Through its Lifetime | CVSS v4.0 Base Score: 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
CVE-2024-7890 | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges | Local access to the target system | CWE-269: Improper Privilege Management | CVSS v4.0 Base Score: 5.4 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
What Customers Should Do
Citrix strongly recommends that customers upgrade their Citrix Workspace app for Windows to versions that contain the fixes as soon as possible. Citrix Workspace app for Windows versions that contain the fixes are:
- Current Release (CR)
- Citrix Workspace app for Windows 2405 and later versions
- Long Term Service Release (LTSR)
- Citrix Workspace app for Windows 2402 CU1 LTSR and later versions
More information
https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US For assistance from the Kraft Kennedy team, pleaseĀ contact us.