CVE-2021-22928

A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.
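
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.8 HIGH | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| hackerone | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |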

EPSS Score Percentile: 16%

| Vendor | Product | Version |
|---|---|---|
| citrix | virtual_apps_and_desktops | 2006 ≤ 𝑥 ≤ 2106 |
| citrix | xenapp | 7.15 |
| citrix | xenapp | 7.15:cu6 |
| citrix | xenapp | 7.15:cu7 |
| citrix | xendesktop | 7.15 |
| citrix | xendesktop | 7.15:cu6 |
| citrix | xendesktop | 7.15:cu7 |

𝑥 = Vulnerable software versions