Vulnerability Description
Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Federated Authentication Service | >= 7.17, <= 10.6 |
Related Weaknesses (CWE)
References
- https://support.citrix.com/article/CTX341587Vendor Advisory
- https://support.citrix.com/article/CTX341587Vendor Advisory
FAQ
What is CVE-2022-26355?
CVE-2022-26355 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to...
How severe is CVE-2022-26355?
CVE-2022-26355 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-26355?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Federated Authentication Service.