CVE-2021-44520

Sažetak

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.

Reference

https://gist.github.com/tree-chtsec/766f81e22ae383987d75eedb3b23b709
https://docs.citrix.com/en-us/xenmobile/server/document-history.html
https://support.citrix.com/article/CTX370551
https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

12-07-2022 - 17:42

Objavljeno

13-04-2022 - 00:15