CVE-2024-11467
📋 TL;DR
CVE-2024-11467 is a local privilege escalation vulnerability in Omnissa Horizon Client for macOS that allows authenticated users to gain root privileges through a logic flaw. This affects all macOS systems running vulnerable versions of the Horizon Client software. Attackers with local access can exploit this to take full control of affected systems.
💻 Affected Systems
- Omnissa Horizon Client for macOS
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers with standard user privileges gain full root access to the macOS system, enabling complete system compromise, data theft, persistence mechanisms, and lateral movement.
Likely Case
Malicious insiders or attackers who gain initial access through phishing or other means escalate privileges to install malware, steal credentials, or maintain persistence.
If Mitigated
With proper access controls and monitoring, exploitation would be detected and contained before significant damage occurs.
🎯 Exploit Status
Requires local access and user privileges; exploitation involves logic flaw manipulation rather than memory corruption
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in provided references - check vendor advisory for exact version
Vendor Advisory: https://www.omnissa.com/omnissa-security-response/
Restart Required: No
Instructions:
1. Visit the Omnissa security response page.
2. Download the latest Horizon Client for macOS.
3. Install the update following vendor instructions.
4. Verify the installation completed successfully.
🔧 Temporary Workarounds
Remove or restrict Horizon Client access
macOS: Uninstall Horizon Client from non-essential systems or restrict user access to vulnerable systems
sudo rm -rf /Applications/VMware\ Horizon\ Client.app
🧯 If You Can't Patch
- Implement strict least privilege access controls to limit who can access systems with Horizon Client
- Enable enhanced monitoring and logging for privilege escalation attempts on affected systems
🔍 How to Verify
Check if Vulnerable:
Check Horizon Client version and compare against vendor's patched version list
Check Version:
Check within Horizon Client application or look for version files in installation directory
Verify Fix Applied:
Verify Horizon Client version matches or exceeds the patched version specified by Omnissa
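One way to script the version check described above (an added example, not a vendor or site-provided script). It assumes the bundle path shown in the workaround section, that the version is stored in the bundle's CFBundleShortVersionString, and that versions are dot-separated numbers; the patched version must be taken from the Omnissa advisory and passed in by the operator.

```shell
#!/bin/sh
# Usage: check_horizon.sh "/Applications/VMware Horizon Client.app" <PATCHED_VERSION>
# <PATCHED_VERSION> is a placeholder: take it from the Omnissa advisory.

# version_ge A B: succeeds if A >= B, comparing dot-separated numeric fields.
# Returns 2 (treated as "not verified") if any field is not purely numeric.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}          # missing fields count as 0 (8.13 == 8.13.0)
        case "$x$y" in *[!0-9]*) return 2 ;; esac
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# bundle_version APP: print the app bundle's CFBundleShortVersionString (macOS only).
bundle_version() {
    plist="$1/Contents/Info.plist"
    [ -f "$plist" ] || return 1
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist"
}

# check_client APP PATCHED: 0 = at or above patched, 1 = needs review, 3 = not found.
check_client() {
    installed=$(bundle_version "$1") || { echo "not installed or unreadable: $1"; return 3; }
    if version_ge "$installed" "$2"; then
        echo "OK: installed $installed >= patched $2"
        return 0
    fi
    echo "REVIEW: installed $installed is below (or not comparable to) patched $2"
    return 1
}

# Run the check only when both arguments are supplied.
if [ "$#" -eq 2 ]; then
    check_client "$1" "$2"
fi
```
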
📡 Detection & Monitoring
Log Indicators:
- Unexpected privilege escalation events
- Horizon Client process spawning root shells
- sudo or authorization events from Horizon Client processes
Network Indicators:
- None - this is a local privilege escalation
SIEM Query:
process.name="Horizon Client" AND (event.action="privilege_escalation" OR user.elevation=true)