CVE-2021-44520
Published 2022-04-13
CVE-2021-44520: In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.
Priority P2 · 65 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.80% (92.2th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_endpoint_management | — | — |
| citrix | citrix_xenmobile | — | — |
| citrix | xenmobile | — | — |
| citrix | xenmobile_server | — | — |
| citrix | xenmobile_server | — | — |
| citrix | xenserver | — | — |
Detection & IOCs (extracted from sources)
- CVE-2021-44520 is an Authenticated Command Injection vulnerability in Citrix XenMobile Server; monitor for unexpected OS-level command execution (e.g., shell spawning) originating from the XenMobile Server process, particularly with root privileges.
- Exploitation requires an authenticated session with access to the underlying OS via the XenMobile Server interface; alert on authenticated sessions performing unusual or privileged OS-level operations on XenMobile Server.
- Affected versions are XenMobile Server 10.14.0 before rolling patch 4 and 10.13.0 before rolling patch 7; identify unpatched instances in the environment as high-priority targets for monitoring.
- Exploitation requires prior authentication to the XenMobile Server; unauthenticated access alone is insufficient to trigger CVE-2021-44520.
- The vulnerability is classified as Medium severity by Citrix, which may affect organizational prioritization despite the root RCE impact.
CVSS provenance
- nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- nvd · v2.0 · 9.0 CRITICAL · AV:N/AC:L/Au:S/C:C/I:C/A:C
Citrix
vendor_citrix · 2022-04-13 · CVSS 8.8
CVE-2021-44520 [HIGH] CWE-77
CVE-2021-44520: In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.
Citrix
Citrix Endpoint Management (XenMobile Server) Security Bulletin for CVE-2021-44519, CVE-2021-44520, and CVE-2022-26151
vendor_citrix · CVSS 8.8
CVE-2021-44519 [HIGH] CWE-20
| CVE | Description | CWE | Pre-conditions |
|---|---|---|---|
| CVE-2021-44519 | Unauthorized access to the underlying OS | CWE-284: Improper Access Control | A XenMobile console user must have either an admin role or a custom role that has ‘Create Support Bundles’ enabled. These permissions can only be assigned by an admin user. |
| CVE-2021-44520 | Unauthorized root access to the underlying OS | CWE-284: Improper Access Control | Access to the underlying OS |
| CVE-2022-26151 | Unauthorized root access to the underlying OS | CWE-20: Improper Input Validation | Admin access to XenMobile Server CLI |

The issues affect the following supported versions of Citrix Endpoint Management (XenMobile Server)
CVE-2021-44519, CVE-2021-44520 - Medium sever
GHSA
GHSA-gprv-rwf8-ph32
ghsa_unreviewed · 2022-04-14
CVE-2021-44520 [HIGH] CWE-78
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://docs.citrix.com/en-us/xenmobile/server/document-history.html
- https://gist.github.com/tree-chtsec/766f81e22ae383987d75eedb3b23b709
- https://support.citrix.com/article/CTX370551
- https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe
Published: 2022-04-13