Main Vulnerability Database Vulnerabilities #VU46990

#VU46990 Insufficient verification of data authenticity in Citrix Workspace for Windows - CVE-2020-8207

Published: July 25, 2020 / Updated: September 23, 2020

Vulnerability identifier: #VU46990

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2020-8207

CWE-ID: CWE-345

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Citrix Workspace for Windows

Software vendor:
Citrix

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists within the automatic update service due to improper verification of data authenticity when installing updates. A remote attacker can execute arbitrary application on the system with elevated privileges.

Successful exploitation of the vulnerability requires that Windows file sharing (SMB) is enabled on the affected system and the updater service is running.

Remediation

Install updates from vendor's website.

External links

https://support.citrix.com/article/CTX277662

#VU46990 Insufficient verification of data authenticity in Citrix Workspace for Windows - CVE-2020-8207

Description

Remediation

External links

Please verify you're human