Citrix Workspace App and Receiver App for Windows Remote Code Execution Vulnerability (CTX251986)

High Nessus Plugin ID 134975

Synopsis

The remote device is affected by a remote code execution vulnerability.

Description

The version of Citrix Workspace installed on the remote host is affected by a remote code execution vulnerability due to incorrect access control. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands on the remote host.

Solution

Upgrade Citrix Workspace app to version 1904 or later, and Receiver for Windows to LTSR 4.9 CU6 version 4.9.6001.

See Also

https://support.citrix.com/article/CTX251986

Plugin Details

Severity: High

ID: 134975

File Name: citrix_workspace_CTX251986.nasl

Version: 1.2

Type: local

Family: CGI abuses

Published: 2020/03/27

Updated: 2020/03/31

Dependencies: 130592

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2019-11634

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:citrix:workspace

Required KB Items: installed_sw/Citrix Workspace

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/05/10

Vulnerability Publication Date: 2019/05/13

Reference Information

CVE: CVE-2019-11634

BID: 108334

CWE: 284