Vulnerability Description
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | XenMobile Server | 10.13.0 |
Related Weaknesses (CWE)
References
- https://docs.citrix.com/en-us/xenmobile/server/document-history.html (Vendor Advisory)
- https://gist.github.com/tree-chtsec/766f81e22ae383987d75eedb3b23b709 (Third Party Advisory)
- https://support.citrix.com/article/CTX370551 (Vendor Advisory)
- https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe
FAQ
What is CVE-2021-44520?
CVE-2021-44520 is a vulnerability with a CVSS score of 8.8 (HIGH). In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.
How severe is CVE-2021-44520?
CVE-2021-44520 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-44520?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix XenMobile Server.