CVE-2019-11634 is a vulnerability in Citrix’s digital workspace that gives an attacker read-write access to the client’s local drives. An attacker can generate a malicious URL and have a victim use it to establish a remote session. During this session, depending on the browser, it takes zero to one click to allow the server to access the client’s files.
This is an unusual exploit, where loading a malicious URL is sufficient enough to provide attackers with full access to a victim’s PC. This situation means there exist numerous possible attack methods, such as abusing compromised Citrix servers, or embedding malicious URLs inside infected web pages.
The vulnerable versions are Citrix Workspace for Windows prior to version 1904 and Receiver for Windows to LTSR 4.9 CU6 version earlier than 4.9.6001.
Citrix provides patched versions for both Workspace and Receiver LTSR in their KB article. It is strongly recommended that customers upgrade Citrix Workspace app to version 1904 or later and Receiver for Windows to LTSR 4.9 CU6 version 4.9.6001 as soon as possible.
