Severity
Medium
Analysis Summary
CVE-2022-26355
Citrix Federated Authentication Service (FAS) could allow a local authenticated attacker to obtain sensitive information. The flaw occurs when PowerShell is used to configure storage of the registration authority certificate’s private key in the TPM. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain key information in the Microsoft Software Key Storage Provider (MSKSP) and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2022-26355
Affected Vendors
Citrix
Affected Products
- Citrix Federated Authentication Service 7.17
- Citrix Federated Authentication Service 10.6
Remediation
Refer to the Citrix security advisory for patch, upgrade, or suggested workaround information.
CVE-2022-26355