vulnerability

Critical Remote Code Execution Vulnerability in Citrix Receiver for Windows (CVE-2019-11634)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	May 22, 2019	Jul 3, 2024	Jul 15, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

May 22, 2019

Added

Jul 3, 2024

Modified

Jul 15, 2024

Description

A vulnerability has been identified in Citrix Receiver for Windows (all versions earlier than LTSR 4.9 CU6 4.9.6001) that could result in local drive access preferences not being enforced.
This can allow an attacker to have read/write access to the client's local drives, which could enable code execution on the client device.

Solution

citrix-receiver-update-latest

References

CVE-2019-11634
https://attackerkb.com/topics/CVE-2019-11634
https://support.citrix.com/article/CTX251986/cve201911634-citrix-workspace-app-and-receiver-for-windows-security-update

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report