CVE-2024-7890: Local privilege escalation allows a low-privileged user to gain SYSTEM privileges
First published: Wed Sep 11 2024(Updated: )
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Credit: secure@citrix.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix Workspace app for Windows | <2203.1 | |
| Citrix Workspace app for Windows | =2203.1-cu1 | |
| Citrix Workspace app for Windows | =2203.1-cu2 | |
| Citrix Workspace app for Windows | =2203.1-cu3 | |
| Citrix Workspace app for Windows | =2203.1-cu4 | |
| Citrix Workspace app for Windows | =2203.1-cu5 | |
| Citrix Workspace app for Windows | =2203.1-cu6_hotfix1 | |
| Citrix Workspace app for Windows | =2203.1-cu6_hotfix2 | |
| Citrix Workspace app for Windows | =2402 | |
| Citrix Workspace app for Windows | <2405 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-7890?
CVE-2024-7890 is classified as a high severity vulnerability due to its potential for local privilege escalation.
How do I fix CVE-2024-7890?
To remediate CVE-2024-7890, users should upgrade to the latest version of Citrix Workspace app for Windows that is not affected.
Who is affected by CVE-2024-7890?
CVE-2024-7890 affects low-privileged users of Citrix Workspace app for Windows versions up to 2203.1 and certain cumulative updates.
What kind of attack does CVE-2024-7890 enable?
CVE-2024-7890 allows a low-privileged user to escalate their privileges to SYSTEM, potentially compromising the host system.
Is there a known exploit for CVE-2024-7890?
As of now, there is no public information on specific exploits for CVE-2024-7890, but its nature suggests it could be targeted.
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- agent/weakness
- collector/the-register
- source/The Register
- alias/CVE-2024-43491
- alias/CVE-2024-38216
- alias/CVE-2024-38220
- alias/CVE-2024-38194
- alias/CVE-2024-38188
- alias/CVE-2024-43470
- alias/CVE-2024-43469
- alias/CVE-2024-38018
- alias/CVE-2024-43464
- alias/CVE-2024-38119
- alias/CVE-2024-24968
- alias/CVE-2024-23984
- alias/CVE-2024-41730
- alias/CVE-2024-33003
- alias/CVE-2024-7889
- alias/CVE-2024-7890
- alias/CVE-2024-8190
- collector/mitre-cve
- source/MITRE
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/citrix
- canonical/citrix workspace app for windows
- version/citrix workspace app for windows/2203.1-cu1
- version/citrix workspace app for windows/2203.1-cu2
- version/citrix workspace app for windows/2203.1-cu3
- version/citrix workspace app for windows/2203.1-cu4
- version/citrix workspace app for windows/2203.1-cu5
- version/citrix workspace app for windows/2203.1-cu6_hotfix1
- version/citrix workspace app for windows/2203.1-cu6_hotfix2
- version/citrix workspace app for windows/2402