CVE-2021-22928
First published: Thu Aug 05 2021(Updated: )
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix Virtual Apps and Desktops | >=2006<=2106 | |
| Citrix Virtual Apps and Desktops | =1912 | |
| Citrix Virtual Apps and Desktops | =1912-cu3 | |
| Citrix XenApp | =7.15 | |
| Citrix XenApp | =7.15-cu6 | |
| Citrix XenApp | =7.15-cu7 | |
| Citrix Virtual Apps and Desktops | =7.15 | |
| Citrix Virtual Apps and Desktops | =7.15-cu6 | |
| Citrix Virtual Apps and Desktops | =7.15-cu7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-22928?
CVE-2021-22928 is a vulnerability identified in Citrix Virtual Apps and Desktops that allows a user to escalate their privilege level on a Windows VDA to SYSTEM.
Which software versions are affected by CVE-2021-22928?
CVE-2021-22928 affects Citrix Virtual Apps and Desktops versions 2006 and 2106, as well as Citrix Virtual Apps and Desktops 1912, 1912-cu3, Citrix XenApp 7.15, Citrix XenApp 7.15-cu6, and Citrix XenApp 7.15-cu7, Citrix XenDesktop 7.15, Citrix XenDesktop 7.15-cu6, and Citrix XenDesktop 7.15-cu7.
What is the severity of CVE-2021-22928?
CVE-2021-22928 has a severity rating of 7.8 (High).
How can I fix CVE-2021-22928?
To fix CVE-2021-22928, apply the necessary security updates provided by Citrix in their advisory and ensure that Citrix Profile Management or Citrix Profile Management WMI Plugin are updated to the latest versions.
Where can I find more information about CVE-2021-22928?
For more information about CVE-2021-22928, you can refer to the official advisory from Citrix: https://support.citrix.com/article/CTX319750
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/remedy
- agent/author
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- agent/severity
- agent/event
- vendor/citrix
- canonical/citrix virtual apps and desktops
- version/citrix virtual apps and desktops/2006
- version/citrix virtual apps and desktops/2106
- version/citrix virtual apps and desktops/1912
- version/citrix virtual apps and desktops/1912-cu3
- canonical/citrix xenapp
- version/citrix xenapp/7.15
- version/citrix xenapp/7.15-cu6
- version/citrix xenapp/7.15-cu7
- version/citrix virtual apps and desktops/7.15
- version/citrix virtual apps and desktops/7.15-cu6
- version/citrix virtual apps and desktops/7.15-cu7