CVE-2022-26355 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-26355 PUBLISHED CVSS 4.400000095367432 MEDIUM

Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration.

EPSS 0.03% · 8.1th percentile

Risk Scores

CVSS v3.1

4.400000095367432

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.03%

8.1th percentile

Affected Products

Vendor	Product	Versions
citrix	federated_authentication_service	7.17
Citrix	Federated Authentication Service (FAS)	unspecified, 7.17

Timeline

Mar 9, 2022 CVE Published
Mar 10, 2022 EPSS Score
Apr 30, 2022 EPSS Score
Jun 20, 2022 EPSS Score
Aug 10, 2022 EPSS Score
Sep 30, 2022 EPSS Score
Nov 20, 2022 EPSS Score
Jan 10, 2023 EPSS Score
Mar 2, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 22, 2023 EPSS Score
Jun 11, 2023 EPSS Score

References

https://support.citrix.com/article/CTX341587 url
https://support.citrix.com/article/CTX341586 advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-26355 advisory

Open in Interactive Console →