Citrix has patched a vulnerability (CVE-2021-22928) in Virtual Apps and Desktops that could result in privilege escalation on a Windows Virtual Delivery Agent (VDA).
“A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM,” Citrix stated in the advisory.
The vulnerability CVE-2021-22928 affects the following Citrix products:
- Citrix Virtual Apps and Desktops 2106 and earlier versions.
- Citrix Virtual Apps and Desktops 1912 LTSR CU3 and earlier versions of 1912 LTSR.
- Citrix XenApp / XenDesktop 7.15 LTSR CU7 and earlier versions of 7.15 LTSR.
Citrix initially published fixes on July 13 and then added updated hotfixes for 1912 LTSR on July 16, so administrators who applied the first 1912 LTSR release should check that they have the later hotfix.
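Added example (not from the Citrix advisory or this article): a Python triage helper that parses the version strings listed above, flags VDAs that fall in the affected ranges, and prioritises those where Profile Management or its WMI plugin is installed, since the advisory names that as the precondition for the SYSTEM escalation. The inventory records are constructed sample data, and the "upm" field is an assumed inventory attribute.

```python
import re

# Affected ranges as listed in the Citrix advisory for CVE-2021-22928.
CR_LAST_AFFECTED = 2106            # Current Release 2106 and earlier (YYMM numbering)
LTSR_LAST_AFFECTED_CU = {          # LTSR branch -> last affected cumulative update
    "1912": 3,                     # 1912 LTSR CU3 and earlier
    "7.15": 7,                     # XenApp/XenDesktop 7.15 LTSR CU7 and earlier
}

_LTSR_RE = re.compile(r"^(?P<branch>\d+(?:\.\d+)?)\s+LTSR(?:\s+CU(?P<cu>\d+))?$", re.I)
_CR_RE = re.compile(r"^\d{4}$")


def is_affected(version: str) -> bool:
    """True if a CVAD / XenApp version string falls in an affected range.
    Accepts "2106", "2009", "1912 LTSR CU3", "7.15 LTSR CU8" and so on;
    a bare "1912 LTSR" / "7.15 LTSR" is the initial LTSR release (treated as CU0)."""
    v = version.strip()
    m = _LTSR_RE.match(v)
    if m:
        branch = m.group("branch")
        if branch not in LTSR_LAST_AFFECTED_CU:
            raise ValueError(f"LTSR branch not covered by the advisory: {branch}")
        return int(m.group("cu") or 0) <= LTSR_LAST_AFFECTED_CU[branch]
    if _CR_RE.match(v):
        return int(v) <= CR_LAST_AFFECTED
    raise ValueError(f"unrecognised version string: {version!r}")


def triage(inventory):
    """Rank affected VDAs for patching. 'upm' (assumed inventory field) means
    Profile Management or its WMI plugin is installed, the advisory's precondition
    for escalation, so those hosts come first; unaffected hosts are omitted."""
    ranked = []
    for host in inventory:
        if not is_affected(host["version"]):
            continue
        ranked.append((host["host"], "high" if host["upm"] else "medium"))
    ranked.sort(key=lambda r: (r[1] != "high", r[0]))
    return ranked


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    {"host": "vda-01", "version": "1912 LTSR CU3", "upm": True},
    {"host": "vda-02", "version": "2106", "upm": False},
    {"host": "vda-03", "version": "7.15 LTSR CU8", "upm": True},
    {"host": "vda-04", "version": "2009", "upm": True},
]
```

Hosts on an affected build without Profile Management still need the fix; the "medium" rank only reflects that the advisory's stated exploitation precondition is absent.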