5 matches found
CVE-2020-8207
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running...
Known Citrix Workspace Bug Open to New Attack Vector
A Citrix Workspace vulnerability that was fixed in July has been found to have a secondary attack vector, which would allow cybercriminals to elevate privileges and remotely execute arbitrary commands under the SYSTEM account. The bug CVE-2020-8207, exists in the automatic update service of the...
CVE-2020-8207
CVE-2020-8207 concerns Citrix Workspace app for Windows (1912 CU1 and 2006.1) where an improper access control in the Citrix Workspace Updater Service allows privilege escalation and code execution when the automatic updater is running. The vulnerability stems from the UpdateFilePath/UpdateFileHa...
CVE-2020-8207
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running...
Raining SYSTEM Shells with Citrix Workspace app
TL;DR Citrix Workspace is vulnerable to a remote command execution attack running under the context of the SYSTEM account. By sending a crafted message over a named pipe and spoofing the client process ID, the Citrix Workspace Updater Service can be tricked into executing an arbitrary process und...