CVE-2022-21827

Published: May 26, 2022Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM.

Affected (1)

Products: Citrix: Gateway Plug In

1 product

Gateway Plug In

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Citrix Gateway Plug In	Before 21.9.1.2

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://support.citrix.com/article/CTX341455

Source: support@hackerone.com

Vendor Advisory

https://support.citrix.com/article/CTX341455

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.