Severity Rating: HIGH
Software Affected
Citrix Workspace app for Windows prior to 1912
Overview
Multiple vulnerabilities have been reported in Citrix Workspace and
Receiver that could allow a remote attacker to gain privileges on the
targeted system.
Description
These vulnerabilities exist in Citrix Workspace and Receiver due to
insecure permissions and an unquoted path for %PROGRAMDATA%\Citrix. A
remote attacker could exploit these vulnerabilities by copying a malicious
citrix.exe and webio.dll to the affected system.
Successful exploitation of these vulnerabilities could allow the attacker to
gain privileges during the uninstallation of the application on the
targeted system.
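The conditions described above can be checked on an endpoint with the following read-only PowerShell, which is an added example and not code from this advisory or from Citrix. It assumes English account names, that only the listed identities should hold write access, and that the uninstall registry entries are one place an unquoted path would show up.

```powershell
# Added audit example (not from the advisory or from Citrix). Read-only checks.
$target = Join-Path $env:ProgramData 'Citrix'
if (-not (Test-Path -LiteralPath $target)) { Write-Output "$target not present"; return }

# Assumption: only these identities are expected to hold write access here.
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'

# Write-type rights only, plus the raw GENERIC_ALL / GENERIC_WRITE bits an ACE may carry.
$rights    = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x10000000 -bor 0x40000000

# 1. Insecure permissions: Allow ACEs that let an unexpected identity write.
Write-Output "== Write access on $target by unexpected identities =="
(Get-Acl -LiteralPath $target).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $trusted -notcontains $_.IdentityReference.Value -and
        ([int]$_.FileSystemRights -band $writeMask) -ne 0
    } |
    Select-Object IdentityReference, FileSystemRights, IsInherited, PropagationFlags |
    Format-Table -AutoSize

# 2. File names the advisory mentions: report owner and signature state for review.
Write-Output "== citrix.exe / webio.dll found under $target =="
Get-ChildItem -LiteralPath $target -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -in 'citrix.exe', 'webio.dll' } |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Owner     = (Get-Acl -LiteralPath $_.FullName).Owner
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            Modified  = $_.LastWriteTime
        }
    } | Format-Table -AutoSize

# 3. Unquoted path: Citrix uninstall commands whose executable path has a space and no quotes.
Write-Output "== Citrix uninstall commands with an unquoted path containing spaces =="
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object {
        $_.DisplayName -match 'Citrix' -and
        $_.UninstallString -match '^(?!\s*")\s*(.+?\.exe)' -and
        $Matches[1] -match '\s'
    } |
    Select-Object DisplayName, DisplayVersion, UninstallString |
    Format-List
```

Empty sections mean the corresponding condition was not found; any DisplayVersion reported in the third section can be compared against the affected range listed under Software Affected.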
Solution
Apply the appropriate mitigation steps described at the following link:
https://support.citrix.com/article/CTX275460
Vendor Information
Citrix Systems
https://support.citrix.com/article/CTX275460
References
Citrix Systems
https://support.citrix.com/article/CTX275460
GitHub
https://github.com/hessandrew/CVE-2020-13884
https://github.com/hessandrew/CVE-2020-13885
CVE Name
CVE-2020-13884
CVE-2020-13885
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.