CVE-2021-22928

Published: Aug 5, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.

Affected (9)

Products: Citrix: Virtual Apps And Desktops, Xenapp, Xendesktop

Citrix

3 products

Virtual Apps And Desktops

Xenapp

Xendesktop

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Citrix Virtual Apps And Desktops	From 2006 to 2106
Citrix Virtual Apps And Desktops	Version 1912
Citrix Virtual Apps And Desktops	Version 1912 cu3
Citrix Xenapp	Version 7.15
Citrix Xenapp	Version 7.15 cu6
Citrix Xenapp	Version 7.15 cu7
Citrix Xendesktop	Version 7.15
Citrix Xendesktop	Version 7.15 cu6
Citrix Xendesktop	Version 7.15 cu7

References (2)

https://support.citrix.com/article/CTX319750

Source: support@hackerone.com

PatchVendor Advisory

https://support.citrix.com/article/CTX319750

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.