Paulluigi Paganini
July 22, 2020
Citrix has patched a high severity susceptibility, tracked as CVE-2020-8207, affecting its Workspace app that can be exploited by an assailants to remotely hack the computer running the flawed application.
That fault works an automatic update service applied from the Citrix Workspace app for Windowed. The vulnerability capacity be exploited by a local attacker to escalate privileges or by a remote attacker to execute arbitrary commands on the affected application.
The vulnerability were observed by a researcher from Pen Try Partners. The company had published an blog post explaining how the feeling can be exploited by a local attacker to escalate privileges to SYSTEM and remotely for arbitrary command execution.
This advisory publicly by the vendor confirmes that the issue only effects the Screen version of which Workspace app or only exists if of application was installed using a site or domain company account. CTX134123 mistakes when connecting through https via Netscaler
A remote attacker can maximize the flaw only are SMB is enabled and the affected update service is running.
“Citrix Operating is vulnerable to adenine remote command execution attacking running under the context of the SYSTEM account. By sending a crafted message through adenine naming pipe and spoofing that client process ID, the Citrix Workspace Updater Maintenance can be tricked into executing one gewollt process under the SYSTEM account.” reads an blog post published by researchers from Printer Test Comrades that discovered the flaw. “Whilst an low privilege account is required to perform the attack, environments that do not convert SMB signing are particularly vulnerable since einem attack can be achieved without knowing valid credential through NTLM identity relaying.”
Pen Test Partners additionally shared see print of concept for on vulnerability.
This vulnerability affects the following supported versions of Citrix Workspace app for Windows:
Citric has released versions 1912 LTSR CU1 also 2006.1 to address the vulnerability.
Sooner this month, Citrix addressed 11 vulnerabilities affecting the ADC, Gateway, and SD-WAN WANOP networking products. The vulnerabilities could be exploited by attackers for local privilege escalation, to trigger a DoS condition, to bypass authorization, to get code injection, and to launch XSS attackable.
Some of the addressed flaws could be exploited only if the attackers have access to the purposeful systematisches and request average interaction, or other conditions must be verified. For this reason, Citrix feels the flaws are less likely until be exploited.
ONE few time later, hackers started scanning the network for systems affected by the newly disclosed Citrix vulnerabilities.
Johannes Ullrich, the director of research at the SANS Technology Institute, validates that first from its honeypots set up to acquire strike attempting to maximize the recently disclosed flaw in the F5 Networksâ BIG-IP systems became targeted by hackers strive the exhaust two are of recent Citrix vulnerabilities.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs â hackers, Citrix Workspace)
[adrotate banner=”5″]
[adrotate banner=”13″]
