CVE-2021-22928
Published 2021-08-05
Priority P338 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.25% (16.0th percentile)
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | citrix_xenapp | — | — |
| citrix | virtual_apps_and_desktops | — | — |
| citrix | virtual_apps_and_desktops | — | — |
| citrix | virtual_apps_and_desktops | 2006 – 2106 | — |
| citrix | xenapp | — | — |
| citrix | xenapp | — | — |
| citrix | xendesktop | — | — |
| citrix | xendesktop | — | — |
| citrix | xenserver | — | — |
CVSS provenance
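| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |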
GHSA
GHSA-469p-6wj5-vcqr · ghsa_unreviewed · 2022-05-24
CVE-2021-22928 [HIGH] CWE-269
Citrix
CVE-2021-22928 [HIGH] · vendor_citrix · 2021-08-05 · CVSS 7.8
Citrix
Citrix Virtual Apps and Desktops Security Update
vendor_citrix·2021-07-13·CVSS 7.8
CVE-2021-22928 [HIGH] CWE-284
- CVE-2021-22928: Local privilege escalation on a Windows VDA
- Vulnerability Type: CWE-284: Improper Access Control
- Pre-conditions: Authenticated access to a VDA with Citrix Profile Management or Citrix Profile Management WMI Plugin installed

The vulnerability affects the following supported versions of Citrix Virtual Apps and Desktops and XenApp / XenDesktop:

- Citrix Virtual Apps and Desktops 2106 and earlier Current Release (CR) versions
- Citrix Virtual Apps and Desktops 1912 LTSR CU3 and earlier versions of 1912 LTSR
- Citrix XenApp / XenDesktop 7.15 LTSR CU7 and earlier versions of 7.15 LTSR

Citrix Virtual Apps and Desktops 2106 is only affected when Citrix Profile Management is installed on a Windows VDA as Citrix Profile Management WMI Plugin i
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-08-05