A Vulnerability in Citrix Workspace App for Linux Could Allow for Local Privilege Escalation

ITS Advisory Number: 
2022-007
Date(s) Issued: 
Wednesday, January 12, 2022
Subject: 
A Vulnerability in Citrix Workspace App for Linux Could Allow for Local Privilege Escalation
Overview: 

A vulnerability has been discovered in Citrix Workspace App for Linux, a virtual desktop application. Successful exploitation of this vulnerability could allow for local privilege escalation. A privilege escalation enables the attacker to obtain root privileges within the system which will enable them to install programs; view, change, or delete data; or create new accounts with full user rights.

 

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

 

Systems Affected: 
  • Citrix Workspace App for Linux 2012 to 2111
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
Low
Description: 

A vulnerability has been discovered in Citrix Workspace App for Linux, a virtual desktop application. This vulnerability has a pre-condition in that the Citrix Workspace App for Linux must be installed with App Protection. Successful exploitation of this vulnerability could allow for local privilege escalation. A privilege escalation enables the attacker to obtain root privileges within the system which will enable them to install programs; view, change, or delete data; or create new accounts with full user rights.

 

Actions: 
  • Verify no unauthorized changes have occurred before applying patches/updates.
  • After appropriate testing, upgrade Citrix Workspace App for Linux (2112 and later versions) to a fixed version as provided by Citrix.