Citrix fixes 3 Hypervisor vulnerabilities

Citrix fixes 3 Hypervisor vulnerabilities

Citrix has released patches for Citrix Hypervisor that address 3 vulnerabilities. If exploited, an attacker could exploit privileged code in a guest VM and cause the host to crash or become unresponsive.

Each of the security issues affect all currently supported versions of Citrix Hypervisor up to and including Citrix Hypervisor 8.2 LTSR.

Two of the patched Citrix Hypervisor vulnerabilities include CVE-2021-28038 and CVE-2021-28688. In both issues, an attacker with the ability to execute privileged mode code in a guest can perform a denial of service attack against the host.

Moreover, Citrix also addressed a third vulnerability CVE-2020-35498 in Citrix Hypervisor 8.2 LTSR (only) that may allow malicious network traffic to cause subsequent packets to be dropped.

Related Articles