Score | Value | Vector and metrics |
---|---|---|
CVSS2 | 9 High | AV:N/AC:L/Au:S/C:C/I:C/A:C (Attack Vector: NETWORK; Attack Complexity: LOW; Authentication: SINGLE; Confidentiality Impact: COMPLETE; Integrity Impact: COMPLETE; Availability Impact: COMPLETE) |
CVSS3 | 8.8 High | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: LOW; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH) |
EPSS | 0.011 Low | Percentile: 84.5% |

Vulnerabilities have been discovered in Citrix Endpoint Management (XenMobile Server) which, collectively, may allow a XenMobile console user with either an admin role or a custom role that has ‘Create Support Bundles’ enabled to gain root access to the underlying OS.
CVE-ID | Description | CWE | Pre-conditions |
---|---|---|---|
CVE-2021-44519 | Unauthorized access to the underlying OS | CWE-284: Improper Access Control | A XenMobile console user must have either an admin role or a custom role that has ‘Create Support Bundles’ enabled. These permissions can only be assigned by an admin user. |
CVE-2021-44520 | Unauthorized root access to the underlying OS | CWE-284: Improper Access Control | Access to the underlying OS |
CVE-2022-26151 | Unauthorized root access to the underlying OS | CWE-20: Improper Input Validation | Admin access to XenMobile Server CLI |
The issues affect the following supported versions of Citrix Endpoint Management (XenMobile Server):
CVE-2021-44519, CVE-2021-44520 - Medium severity:
XenMobile Server 10.14.0 before rolling patch 4
XenMobile Server 10.13.0 before rolling patch 7
CVE-2022-26151 - Low severity:
XenMobile Server 10.14.0 before rolling patch 5
XenMobile Server 10.13.0 before rolling patch 8