1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability

Known Exploited Vulnerabilities CVE-2019-11634 Mappings

Citrix Workspace App before 1904 for Windows has Incorrect Access Control.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2019-11634 Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability secondary_impact T1005 Data from Local System
Comments
CVE-2019-11634 is a remote code execution vulnerability for Citrix Workspace Application and Receiver for Windows
References
  1. https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/
  2. https://threatpost.com/nefilim-ransomware-ghost-account/163341/
CVE-2019-11634 Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability secondary_impact T1046 Network Service Discovery
Comments
CVE-2019-11634 is a remote code execution vulnerability for Citrix Workspace Application and Receiver for Windows
References
  1. https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/
  2. https://threatpost.com/nefilim-ransomware-ghost-account/163341/
CVE-2019-11634 Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability secondary_impact T1003 OS Credential Dumping
Comments
CVE-2019-11634 is a remote code execution vulnerability for Citrix Workspace Application and Receiver for Windows
References
  1. https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/
  2. https://threatpost.com/nefilim-ransomware-ghost-account/163341/
CVE-2019-11634 Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability secondary_impact T1078 Valid Accounts
Comments
CVE-2019-11634 is a remote code execution vulnerability for Citrix Workspace Application and Receiver for Windows
References
  1. https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/
  2. https://threatpost.com/nefilim-ransomware-ghost-account/163341/
CVE-2019-11634 Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
Vulnerability in Citrix Receiver for Windows may allows attacker to gain read/write access to the client's local drives, potentially enabling code execution on the client device, such as deploying ransomware
References
  1. https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/
  2. https://threatpost.com/nefilim-ransomware-ghost-account/163341/
CVE-2019-11634 Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability secondary_impact T1486 Data Encrypted for Impact
Comments
Vulnerability in Citrix Receiver for Windows may allows attacker to gain read/write access to the client's local drives, potentially enabling code execution on the client device, such as deploying ransomware
References
  1. https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/
  2. https://threatpost.com/nefilim-ransomware-ghost-account/163341/
CVE-2019-11634 Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
Vulnerability in Citrix Receiver for Windows may allows attacker to gain read/write access to the client's local drives, potentially enabling code execution on the client device, such as deploying ransomware
References
  1. https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/
  2. https://threatpost.com/nefilim-ransomware-ghost-account/163341/