Описание
- Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.8.0 (включая)
cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.00039
Низкий
7.8 High
CVSS3
4.8 Medium
CVSS3
7.2 High
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
** DISPUTED *** Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost."
EPSS
Процентиль: 12%
0.00039
Низкий
7.8 High
CVSS3
4.8 Medium
CVSS3
7.2 High
CVSS2
Дефекты
CWE-287