The vulnerability known as CVE-2020-8207, has been described as highly serious and affects the auto-update service used by Citrix Workspace for Windows. The security loophole could be exploited by both a local intruder for a privileged escalation attack and a remote intruder for arbitrary code execution.
A researcher of the company Pen Test Partners, was the first to discover her vulnerability. The company even published a post, which explains how the weakness can be exploited by a local attacker to escalate privileges and by a remote attacker for arbitrary code execution.
Pen Test Partners has shared some technical details, along with a video showing how a malicious agent could exploit the vulnerability.
According to Citrix, the defect affects the Citrix Workspace application for Windows 1912 LTSR and 2002. To correct the error, the company released the versions 1912 LTSR CU1 and 2006.1.
Citrix noted that only the Windows version of Workspace is affected, and the vulnerability only exists if the application was installed using a local account or a domain administrator account. Remote attacks can only be carried out if the SMB the affected information service is activated and running.
Earlier this month, Citrix informed its customers that it had 11 vulnerabilities in its ADC, Gateway and SD-WAN networking products. Just days after the announcement of the repairs, the company discovered that there were malicious agents scanning the network for vulnerabilities.
Last week the company denied allegations that its systems had been compromised and that some user information had been found on Dark Web. The company clarified that the data came from a third party and claimed that it was not very sensitive.