⚙️ Citrix Virtual Apps and Desktops — Unauthenticated RCE
This vulnerability in Citrix Virtual Apps and Desktops enables unauthorized users to achieve remote code execution through a misconfigured Microsoft Message Queuing (MSMQ) service accessible over HTTP. The issue stems from using an outdated BinaryFormatter for data deserialization, allowing attackers to run commands with SYSTEM privileges on the Citrix server.
🔗 Research:
https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/
🔗 Source:
https://github.com/watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit
#citrix #msmq #deserialization #unauth #rce
This vulnerability in Citrix Virtual Apps and Desktops enables unauthorized users to achieve remote code execution through a misconfigured Microsoft Message Queuing (MSMQ) service accessible over HTTP. The issue stems from using an outdated BinaryFormatter for data deserialization, allowing attackers to run commands with SYSTEM privileges on the Citrix server.
🔗 Research:
https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/
🔗 Source:
https://github.com/watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit
#citrix #msmq #deserialization #unauth #rce
watchTowr Labs
Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE-2024-8068 and CVE-2024-8069)
Well, we’re back again, with yet another fresh-off-the-press bug chain (and associated Interactive Artifact Generator). This time, it’s in Citrix’s “Virtual Apps and Desktops” offering.
This is a tech stack that enables end-users (and likely, your friendly…
This is a tech stack that enables end-users (and likely, your friendly…
👍4❤3😱2👎1🔥1