Citrix 1912 Workspace



Modified

This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Current Description

Citrix Virtual Apps and Desktops 1912 achieved LTSR (Long Term Servicing Release) status. This is the first LTSR since the 7.15 release, which was almost 3 years earlier. In 3 years, a lot has changed. The protocol had many improvements that directly impacted the user experience and bandwidth utilization. With each release, since 7.11 (2016).

Run AutoSelect.exe from the Citrix Virtual Apps and Desktops 1912 LTSR CU2 ISO. In the Extend Deployment section, on the bottom left, click Citrix Director. In the Licensing Agreement page, select "I have read, understand, and accept the terms", and click Next. In the Core Components page, click Next.

Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.


Analysis Description

Citrix Workspace App before 2006.1 on Windows has Insecure Permissions for %PROGRAMDATA%\Citrix (and an unquoted UninstallString), which allows local users to gain privileges by copying a malicious citrix.exe there.

Severity

CVSS 3.x Severity and Metrics:
NIST: NVD
Vector: NVD

Hyperlink (Resource):
  • https://github.com/hessandrew/CVE-2020-13884 (Exploit, Third Party Advisory)
  • https://support.citrix.com/article/CTX275460

Weakness Enumeration

CWE-ID | CWE Name | Source
CWE-276 | Incorrect Default Permissions | NIST


Citrix Virtual Apps and Desktops (CVAD) 1912 is a Long-Term Support Release (LTSR), which is supported for 5 years from the December 2019 release date. Citrix will periodically release Cumulative Updates for 1912 LTSR.


Start Here

  • Citrix Virtual Apps and Desktops (CVAD) Upgrades – LTSR vs CR, in-place upgrade from 7.x, migration from 6.5

Build Procedures

  • Catalogs, Delivery Groups, Zones – MCS ImagePrep, RDSH restart, tags
  • Published Applications, Application Groups, Published Content – App-V, Local App Access, Content Redirection
  • Other Build Topics:

VDA Policies

  • Group Policy Computer Settings – Create GPOs, Windows GPO Templates, Computer Settings, FSLogix, Edge, Teams
  • Group Policy User Settings – Session Lockdown, Internet Explorer, File Explorer, Office, and Chrome
  • Citrix Policy Settings – security, graphics