HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code

submitted by
Style Pass
2024-11-12 16:30:02

Researchers are publicizing a proof of concept (PoC) exploit for what they're calling an unauthenticated remote code execution (RCE) vulnerability in Citrix's Virtual Apps and Desktops.

The vulnerability, discovered by watchTowr, can be exploited using only an HTTP request, handing an attacker SYSTEM privileges on the vendor's virtual desktop infrastructure (VDI) product.

Sina Kheirkhah, vulnerability researcher at watchTowr, however, states: "This one is a privesc bug yielding system privileges for any VDI user, which is actually a lot worse than it might initially sound since that's system privileges on the server that hosts all the applications and access is 'by design' – allowing an attacker to impersonate any user, including administrators, and monitor behavior, connectivity."

Kheirkhah added: "Since everything is so seamless and portable, it's an easy jump from there to impersonating users or 'shadowing' them, observing their every action. The centralized administration system can easily become a panopticon."