Citrix Virtual Apps and Desktops Security Update

A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.


This vulnerability has the following identifier:

  • CVE ID: CVE-2021-22928
  • Description: Local privilege escalation on a Windows VDA
  • Vulnerability Type: CWE-284: Improper Access Control
  • Pre-conditions: Authenticated access to a VDA with Citrix Profile Management or Citrix Profile Management WMI Plugin installed

The vulnerability affects the following supported versions of Citrix Virtual Apps and Desktops and XenApp / XenDesktop:

  • Citrix Virtual Apps and Desktops 2106 and earlier Current Release (CR) versions
  • Citrix Virtual Apps and Desktops 1912 LTSR CU3 and earlier versions of 1912 LTSR
  • Citrix XenApp / XenDesktop 7.15 LTSR CU7 and earlier versions of 7.15 LTSR

Citrix Virtual Apps and Desktops 2106 is only affected when Citrix Profile Management is installed on a Windows VDA, as the Citrix Profile Management WMI Plugin is not affected in this version.

Please note that Citrix XenApp / XenDesktop 7.6 LTSR has now reached End of Life and is no longer supported except through the Citrix Extended Support Program.
