Citrix Hypervisor security updates

Citrix has issued a security update for Citrix Hypervisor vulnerabilities that may collectively allow an attacker to launch privileged code in a guest VM to compromise or crash the host.

The Citrix Hypervisor security update addresses the following Citrix Hypervisor vulnerabilities:

  • CVE-2021-28694: Host denial of service.
  • CVE-2021-28697: Host compromise.
  • CVE-2021-28698: Host denial of service.
  • CVE-2021-28699: Host compromise.
  • CVE-2021-28701: Host compromise.

In most cases, malicious privileged code execution could occur in a guest VM running on a host.

Citrix has confirmed that all currently supported versions of Citrix Hypervisor are affected by all of the above issues, except for CVE-2021-28699, which only affects Citrix Hypervisor 8.2 LTSR.
