cbcvebase.
CVE-2021-22928
published 2021-08-05


Priority P338 | high | 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.25% (16.0th percentile)
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.

Affected

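10 ranges

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| citrix | citrix_virtual_apps_and_desktops | | |
| citrix | citrix_xenapp | | |
| citrix | virtual_apps_and_desktops | | |
| citrix | virtual_apps_and_desktops | | |
| citrix | virtual_apps_and_desktops | 2006 – 2106 | |
| citrix | xenapp | | |
| citrix | xenapp | | |
| citrix | xendesktop | | |
| citrix | xendesktop | | |
| citrix | xenserver | | |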

CVSS provenance

nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C