• Insights

Citrix Workspace app for Windows Security Bulletin CVE-2024-7889 and CVE-2024-7890

Jeff Silverman

< 1 min read

All Insights

Citrix Workspace app for Windows Security Bulletin CVE-2024-7889 and CVE-2024-7890

Description of Problem

Two vulnerabilities have been discovered that impact the Citrix Workspace app for Windows.

Affected Versions

The vulnerabilities affect the following supported versions of the Citrix Workspace app for Windows.

  • Current Release (CR)
    • Citrix Workspace app for Windows versions BEFORE 2405
  • Long Term Service Release (LTSR)
    • Citrix Workspace app for Windows versions BEFORE 2402 LTSR CU1
Summary
CVD-ID Description Pre-Requisites CWE CVSS
CVE-2024-7889 Local privilege escalation allows a low-privileged user to gain SYSTEM privileges Local access to the target system CWE-664: Improper Control of a Resource Through its Lifetime CVSS v4.0 Base Score: 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2024-7890 Local privilege escalation allows a low-privileged user to gain SYSTEM privileges Local access to the target system CWE-269: Improper Privilege Management CVSS v4.0 Base Score: 5.4 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
What Customers Should Do

Citrix strongly recommends that customers upgrade their Citrix Workspace app for Windows to versions that contain the fixes as soon as possible. Citrix Workspace app for Windows versions that contain the fixes are:

  • Current Release (CR)
    • Citrix Workspace app for Windows 2405 and later versions
  • Long Term Service Release (LTSR)
    • Citrix Workspace app for Windows 2402 CU1 LTSR and later versions
More information

Security Lock https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US For assistance from the Kraft Kennedy team, pleaseĀ contact us.