CVE-2021-44520 — Command Injection in Citrix Xenmobile Server

CWE-77 — Command Injection CWE-78 — OS Command Injection3 documents3 sources

Severity

8.8HIGHNVD

EPSS

15.8%

top 5.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Xenmobile Server

Timeline

PublishedApr 13

Latest updateApr 14

Description

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDcitrix/xenmobile_server10.13.0, 10.14.0+1

🔴Vulnerability Details

GHSA

GHSA-gprv-rwf8-ph32: In Citrix XenMobile Server through 10↗2022-04-14

▶

📋Vendor Advisories

Citrix

CVE-2021-44520: In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root pr↗2022-04-13

▶