Headline
CVE-2021-44520: gist.txt
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.
> [Suggested description]
> Citrix XenMobile Server 10.12 RP9 and before, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privilege.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Command Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> Citrix
>
> ------------------------------------------
>
> [Affected Product Code Base]
> XenMobile 10.12
>
> ------------------------------------------
>
> [Affected Component]
> XenMobile Rest API
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Reference]
> https://docs.citrix.com/en-us/xenmobile/server/document-history.html
>
> ------------------------------------------
>
> [Discoverer]
> CHT Security/Tree