Rewterz Threat Advisory – CVE-2019-11634 – Citrix Multiple Products Security Bypass Vulnerability

May 21, 2019

Severity

High

Analysis Summary

A vulnerability has been identified in Citrix Workspace app and Receiver for Windows that could result in local drive access preferences not being enforced allowing an attacker read/write access to the clients local drives which could enable code execution on the client device.

Impact

Security Bypass

Affected Vendors

Citrix

Affected Products

Citrix Receiver for Windows 4.x
Citrix Workspace app for Windows 19.x

Remediation

Update to a fixed version.

Citrix Receiver for Windows: Update to version 4.9.6001.

Citrix Workspace app for Windows: Update to version 1904.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks

Multiple Adobe Products Vulnerabilities

Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks

Threat Insights

About Us

Our Leadership

CSR

Connect with Us