
====================================================================

                             CERT-Renater

                 Information Notice No. 2021/VULN363
_____________________________________________________________________

DATE                : 19/07/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Citrix Virtual Apps and Desktops,
                                      Citrix XenApp / XenDesktop.

=====================================================================
https://support.citrix.com/article/CTX319750
_____________________________________________________________________

Citrix Virtual Apps and Desktops Security Update

Reference: CTX319750
Category : High
Created  : 12 July 2021
Modified : 16 July 2021

Applicable Products

  o Citrix Virtual Apps and Desktops

Description of Problem

A vulnerability has been identified in Citrix Virtual Apps and Desktops
that could, if exploited, allow a user of a Windows VDA that has either
Citrix Profile Management or Citrix Profile Management WMI Plugin
installed to escalate their privilege level on that Windows VDA to
SYSTEM.


This vulnerability has the following identifier:

+--------------+--------------+-------------+---------------------------------+
|CVE ID        |Description   |Vulnerability|Pre-conditions                   |
|              |              |Type         |                                 |
+--------------+--------------+-------------+---------------------------------+
|CVE-2021-22928|Local         |CWE-284:     |Authenticated access to a VDA    |
|              |privilege     |Improper     |with Citrix Profile Management or|
|              |escalation on |Access       |Citrix Profile Management WMI    |
|              |a Windows VDA |Control      |Plugin installed                 |
+--------------+--------------+-------------+---------------------------------+

The vulnerability affects the following supported versions of Citrix
Virtual Apps and Desktops and XenApp / XenDesktop:

  o Citrix Virtual Apps and Desktops 2106 and earlier versions
  o Citrix Virtual Apps and Desktops 1912 LTSR CU3 and earlier versions
     of 1912 LTSR
  o Citrix XenApp / XenDesktop 7.15 LTSR CU7 and earlier versions of
     7.15 LTSR

Citrix Virtual Apps and Desktops 2106 is only affected when Citrix
Profile Management is installed on a Windows VDA, since the Citrix Profile
Management WMI Plugin is not affected in this version.


What Customers Should Do

Citrix has released hotfixes to address the vulnerability. The hotfixes
can be downloaded from the following locations:

Citrix Virtual Apps and Desktops 2106

  o ProfilemgtWX86_2106_001 - https://support.citrix.com/article/CTX319995
  o ProfilemgtWX64_2106_001 - https://support.citrix.com/article/CTX319996

Citrix Virtual Apps and Desktops 1912 LTSR

  o ProfilemgtWX64_1912_3002 - https://support.citrix.com/article/CTX322392
  o UPMVDAPluginWX64_1912_3001 - https://support.citrix.com/article/CTX319668
  o ProfilemgtWX86_1912_3002 - https://support.citrix.com/article/CTX322393
  o UPMVDAPluginWX86_1912_3001 - https://support.citrix.com/article/CTX319671

Citrix XenApp / XenDesktop 7.15 LTSR

  o ProfilemgtWX64_7_15_7001 - https://support.citrix.com/article/CTX319817
  o UPMVDAPluginWX64_7_15_7001 - https://support.citrix.com/article/CTX319669
  o ProfilemgtWX86_7_15_7001 - https://support.citrix.com/article/CTX319818
  o UPMVDAPluginWX86_7_15_7001 - https://support.citrix.com/article/CTX319670


Citrix recommends that customers install the relevant hotfixes onto any
affected Windows VDAs as soon as possible. Customers who have installed
both affected components should ensure they install both applicable
hotfixes. Customers who have installed only one of the affected
components should ensure they install the hotfix that applies to the
component they have installed.
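
As an added example (not part of the Citrix article or this bulletin), a
PowerShell inventory check that reports which of the two affected components
are present on a Windows VDA and which of the hotfix packages listed above
apply to each; the DisplayName values it matches on and the "2106" version
prefix used for the 2106 caveat are assumptions to verify against your own
installation.

```powershell
# Added inventory check for CTX319750 (not Citrix or CERT-Renater code).
# ASSUMPTION: both components register under the standard Windows Uninstall
# keys with DisplayName values starting "Citrix Profile Management"; the WMI
# plugin's DisplayName is assumed to contain "WMI Plugin". Verify on your build.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hotfix package names exactly as listed in CTX319750, grouped by component.
$hotfixes = @{
    'ProfileManagement' = @('ProfilemgtWX86_2106_001', 'ProfilemgtWX64_2106_001',
                            'ProfilemgtWX64_1912_3002', 'ProfilemgtWX86_1912_3002',
                            'ProfilemgtWX64_7_15_7001', 'ProfilemgtWX86_7_15_7001')
    'WmiPlugin'         = @('UPMVDAPluginWX64_1912_3001', 'UPMVDAPluginWX86_1912_3001',
                            'UPMVDAPluginWX64_7_15_7001', 'UPMVDAPluginWX86_7_15_7001')
}

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Citrix Profile Management*' } |
    Select-Object DisplayName, DisplayVersion

if (-not $installed) {
    Write-Output 'Neither affected component found; CTX319750 does not apply to this VDA.'
    return
}

foreach ($item in $installed) {
    $component = if ($item.DisplayName -like '*WMI Plugin*') { 'WmiPlugin' } else { 'ProfileManagement' }
    Write-Output ("Found '{0}' version {1}" -f $item.DisplayName, $item.DisplayVersion)

    # Per the article, the WMI Plugin shipped with 2106 is not affected.
    # ASSUMPTION: the 2106 release reports a DisplayVersion beginning with "2106".
    if ($component -eq 'WmiPlugin' -and "$($item.DisplayVersion)" -like '2106*') {
        Write-Output '  -> WMI Plugin from 2106 is not affected; no hotfix required for it.'
        continue
    }

    Write-Output ("  -> install the {0} hotfix matching your product line and architecture:" -f $component)
    $hotfixes[$component] | ForEach-Object { Write-Output ("     {0}" -f $_) }
}
```

Run it in an elevated PowerShell session on each VDA; a host that reports both
components needs both hotfixes, as the article states.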

This issue will also be addressed in any future versions of Citrix
Virtual Apps and Desktops and Citrix XenApp / XenDesktop.


Acknowledgements

Citrix would like to thank Lasse Trolle Borup of Improsec A/S for
working with us to protect Citrix customers.


What Citrix is Doing

Citrix is notifying customers and channel partners about this potential
security issue. This article is also available from the Citrix Knowledge
Center at https://support.citrix.com/ .


Obtaining Support on This Issue

If you require technical assistance with this issue, please contact
Citrix Technical Support. Contact details for Citrix Technical
Support are available at
https://www.citrix.com/support/open-a-support-case/ .


Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products
and considers any and all potential vulnerabilities seriously.
For details on our vulnerability response process and guidance
on how to report security-related issues to Citrix, please see
the following webpage:
https://www.citrix.com/about/trust-center/vulnerability-process.html .


Disclaimer

This document is provided on an "as is" basis and does not imply
any kind of guarantee or warranty, including the warranties of
merchantability or fitness for a particular use. Your use of
the information on the document is at your own risk. Citrix
reserves the right to change or update this document at any
time.


Changelog

Date       Change

2021-07-13 Initial Publication

2021-07-13 Additional hotfixes added

2021-07-16 Updated hotfixes for 1912 LTSR


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================