CVSS2
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
CVSS3
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS
Metric | Value |
---|---|
Percentile | 12.6% |
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.
This vulnerability has the following identifier:
CVE ID | Description | Vulnerability Type | Pre-conditions |
---|---|---|---|
CVE-2021-22928 | Local privilege escalation on a Windows VDA | CWE-284: Improper Access Control | Authenticated access to a VDA with Citrix Profile Management or Citrix Profile Management WMI Plugin installed |
The vulnerability affects the following supported versions of Citrix Virtual Apps and Desktops and XenApp / XenDesktop:
Please note that Citrix XenApp / XenDesktop 7.6 LTSR has now reached End of Life and is no longer supported except through the Citrix Extended Support Program.
Vendor | Product | Version | CPE |
---|---|---|---|
citrix | application_delivery_management | citrix_profile_management_x | cpe:2.3:a:citrix:application_delivery_management:citrix_profile_management_x:*:*:*:*:*:*:* |
citrix | application_delivery_management | citrix_profile_management_wmi_plugin_x | cpe:2.3:a:citrix:application_delivery_management:citrix_profile_management_wmi_plugin_x:*:*:*:*:*:*:* |