Vulnerabilities > CVE-2021-22928 - Unspecified vulnerability in Citrix Virtual Apps and Desktops, Xenapp and Xendesktop

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

citrix

NVD

Published: 2021-08-05

Updated: 2022-07-12

Summary

A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.

Vulnerable Configurations

Part	Description	Count
Application	Citrix Citrix Xendesktop 7.15 Citrix Xenapp 7.15 Citrix Virtual Apps AND Desktops 2006 Citrix Virtual Apps AND Desktops 2106 Citrix Virtual Apps AND Desktops 1912	10

References

https://support.citrix.com/article/CTX319750