Linux Citrix Workspace App Allows for Local Privilege Escalation

Fortify Security Team
Jan 12, 2022

A vulnerability has been discovered in Citrix Workspace App for Linux, a virtual desktop application. Successful exploitation of this vulnerability could allow for local privilege escalation. Privilege escalation enables an attacker to obtain root privileges on the system, which allows them to install programs; view, change, or delete data; or create new accounts with full user rights.

THREAT INTELLIGENCE: There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

  • Citrix Workspace App for Linux 2012 to 2111

RISK:

Government:

  • Large and medium government entities: High
  • Small government entities: High

Businesses:

  • Large and medium business entities: High
  • Small business entities: High

Home users: Low

TECHNICAL SUMMARY:

A vulnerability has been discovered in Citrix Workspace App for Linux, a virtual desktop application. The vulnerability has a pre-condition: Citrix Workspace App for Linux must be installed with App Protection. Successful exploitation of this vulnerability could allow for local privilege escalation. Privilege escalation enables an attacker to obtain root privileges on the system, which allows them to install programs; view, change, or delete data; or create new accounts with full user rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Upgrade Citrix Workspace App for Linux to a fixed version (2112 or later) as provided by Citrix.
  • Verify no unauthorized changes have occurred before applying patches/updates.

REFERENCES:

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21825

Citrix:
https://support.citrix.com/article/CTX338435
