CVE-2021-22928

Published Aug 5, 2021

Last updated 2 years ago

CVSS high 7.8

Overview

Description: A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.
Source: support@hackerone.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FE7155E-9F8B-47B7-8E70-2D947F6AEDAC",
            "versionEndIncluding": "2106",
            "versionStartIncluding": "2006"
          },
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:-:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9330183-B04B-46F1-9DA6-5EAF216DFCC3"
          },
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DE66CEF-6D57-429A-9776-E5ED73827A8F"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:7.15:-:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39D97CED-69C7-4762-85E9-978813DB3392"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:7.15:cu6:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A10B5EA-EC14-47ED-ADBB-D975C6B07BE3"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:7.15:cu7:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CFEBFEE-2A25-44E4-B52F-FFE74919F488"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:-:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AFF8323-A381-481F-9BE2-F9027D942851"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:cu6:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A2A6CF3-F554-44C9-965E-FEAEDDE44D95"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:cu7:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15C211A8-9CD0-44B0-BD5D-94D78290EBA9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References