CVE-2022-21827 — Improper Privilege Management in Citrix Gateway Plug-in

CWE-269 — Improper Privilege Management CWE-284 — Improper Access Control4 documents3 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 71.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Gateway Plug-in Citrix ADC Citrix Gateway +1 more

Timeline

PublishedMay 26

Latest updateMay 27

Description

An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

▶NVDcitrix/gateway_plug-in< 21.9.1.2

▶citrixcitrix/citrix_gateway

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adc

🔴Vulnerability Details

GHSA

GHSA-h578-jrpj-wc47: An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21↗2022-05-27

▶

📋Vendor Advisories

Citrix

CVE-2022-21827: An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could↗2022-05-26

▶

Citrix

Citrix Gateway Plug-in for Windows Security Bulletin for CVE-2022-21827↗

▶