Stick that in your named pipe and smoke it: Flaw in Citrix Workspace could let remote attacker pwn host machine

Research outfit Pen Test Partners has uncovered a vulnerability in Citrix Workspace potentially allowing a privilege escalation to lead to full remote compromise of the host machine. The flaw, CVE-2020-8207 (not yet reserved at the time of publication), sees Workspace’s automatic update feature abused to gain access to a vulnerable Workspace installation, with the attack vector being a named pipe.

Read full article on The Register

 


Date:

Categorie(s):