Upgrading to version 1912 LTSR CU4 or 2105 eliminates this vulnerability.ĬVSSv3 info edit VulDB Meta Base Score: 5. The MITRE ATT&CK project declares the attack technique as T1068. The current price for an exploit might be approx. There are neither technical details nor an exploit publicly available. Required for exploitation is a authentication. Access to the local network is required for this attack to succeed. This vulnerability is traded as CVE-2021-22907 since. CVE summarizes:Īn improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 21 LTSR prior to CU4. CVADHELP-17725 When using Citrix Workspace app 1912 LTSR CU4, the devices connected with COM ports greater than 9 might fail to map within the session. The issue occurs when the Receiver clean-up utility fails to start the cleanup process. This is going to have an impact on confidentiality, integrity, and availability. Attempts to upgrade Citrix Workspace App for Windows using the /forceinstall parameter might fail. The manipulation with an unknown input leads to a privilege escalation vulnerability.
A high score indicates an elevated risk to be targeted for this vulnerability.Ī vulnerability was found in Citrix Workspace App on Windows ( Connectivity Software). Two policies provide anti-keylogging and anti-screen-capturing capabilities in a Citrix HDX session. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. Workspace app is the new name for Receiver.
Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks.
0 kommentar(er)
