Receiver Remote Code Execution Vulnerability


Overview

A remote code execution vulnerability has been identified in the Citrix Workspace app and Citrix Receiver clients for Windows. Citrix Workspace allows centralized app and file management. By exploiting this vulnerability, an attacker could gain remote access to the target's storage, allowing data exfiltration and/or remote code execution.

Threat Intelligence

At this time, the Masergy Threat Intelligence Team is not aware of any in-the-wild exploitation or public proof-of-concept exploits, although the NCC Group has demonstrated a proof-of-concept exploit. We will continue to monitor the situation as it develops. We assess that it is probable that actors will pursue the development of exploits for this vulnerability.

Technical Summary

CVE-2019-11634 affects a Citrix client on Windows that has been configured to run in unauthenticated / anonymous mode, and is exploited by launching a Citrix Workspace session via a browser. Normally, a prompt requests permission to access the resources on the host; however, when a session is launched via a browser, the prompt may or may not be displayed depending on the browser used. This allows an attacker to obtain read/write access to the resources of the host, which could enable code execution on that device. When exploiting via Microsoft Edge or Internet Explorer, zero interaction is required. When exploiting via Google Chrome or Mozilla Firefox, user interaction may be required depending on the configuration.

Recommendations

We recommend the following actions be taken:

  • Upgrade the Citrix Workspace app for Windows to version 1904 or later, or Citrix Receiver for Windows to LTSR 4.9 CU6 version 4.9.6001, after appropriate testing.
  • Citrix noted that Single Sign-on could stop working for browsers other than Internet Explorer after the security update is applied. If this is the case, Citrix has provided documentation to ensure proper configuration.

Patches

Citrix provided links to the updated software in their advisory: https://support.citrix.com/article/CTX251986

References

Vulnerabilities

CVE-2019-11634
  • Remote Code Execution in Citrix Workspace / Receiver

Systems Affected

Microsoft Windows
  • Citrix Workspace app for Windows prior to version 1904
  • Citrix Receiver for Windows LTSR 4.9 CU6 versions earlier than 4.9.6001
