Vulnerability Details : CVE-2019-11634
Used for ransomware!
Citrix Workspace App before 1904 for Windows has Incorrect Access Control.
Products affected by CVE-2019-11634
- cpe:2.3:a:citrix:receiver:4.9:cumulative_update_6:*:*:windows:*:*:*
- cpe:2.3:a:citrix:workspace:*:*:*:*:*:windows:*:*
CVE-2019-11634 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2019-11634
Added on
2021-11-03
Action due date
2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2019-11634
3.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-11634
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-07 |
CWE ids for CVE-2019-11634
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2019-11634
-
https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin
SearchVendor Advisory
-
https://support.citrix.com/article/CTX251986
Remote Code Execution Vulnerability in Citrix Workspace app and Receiver for WindowsVendor Advisory
Jump to