CVE-2021-44519
Published 2022-04-19
CVE-2021-44519: In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.
Priority P354 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.57% (83.2th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_endpoint_management | — | — |
| citrix | citrix_xenmobile | — | — |
| citrix | xenmobile | — | — |
| citrix | xenmobile_server | — | — |
| citrix | xenmobile_server | — | — |
| citrix | xenserver | — | — |
CVSS provenance
nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 6.0 · MEDIUM · AV:N/AC:M/Au:S/C:P/I:P/A:P
Citrix
CVE-2021-44519: In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.
vendor_citrix·2022-04-19·CVSS 8.8
CVE-2021-44519 [HIGH] CWE-22
Citrix
Citrix Endpoint Management (XenMobile Server) Security Bulletin for CVE-2021-44519, CVE-2021-44520, and CVE-2022-26151
vendor_citrix·CVSS 8.8
CVE-2021-44519 [HIGH] CWE-20
| CVE ID | Description | CWE | Pre-conditions |
|---|---|---|---|
| CVE-2021-44519 | Unauthorized access to the underlying OS | CWE-284: Improper Access Control | A XenMobile console user must have either an admin role or a custom role that has ‘Create Support Bundles’ enabled. These permissions can only be assigned by an admin user. |
| CVE-2021-44520 | Unauthorized root access to the underlying OS | CWE-284: Improper Access Control | Access to the underlying OS |
| CVE-2022-26151 | Unauthorized root access to the underlying OS | CWE-20: Improper Input Validation | Admin access to XenMobile Server CLI |

The issues affect the following supported versions of Citrix Endpoint Management (XenMobile Server)
CVE-2021-44519, CVE-2021-44520 - Medium sever
GHSA
GHSA-7fvj-gp5w-qqpp: In Citrix XenMobile Server through 10
ghsa_unreviewed·2022-04-20
CVE-2021-44519 [HIGH] CWE-22
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://docs.citrix.com/en-us/xenmobile/server/document-history.html
https://gist.github.com/tree-chtsec/30932b9c94b8c7e4209d22b8b52d597f
https://support.citrix.com/article/CTX370551
https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe
Published: 2022-04-19