Citrix XenDesktop BrokerAccessPolicyRule Policy Rule Remote Security Bypass

Medium - Nessus Plugin ID 70741

Synopsis

The remote host may be affected by a remote security bypass vulnerability.

Description

The remote host is running a version of Citrix XenDesktop that could be affected by a remote security bypass vulnerability, related to the 'BrokerAccessPolicyRule' policy rule.

Note that this vulnerability affects only installations that have been upgraded from XenDesktop 5. Also, Nessus has not checked whether any workarounds have been applied.

Solution

Upgrade to Citrix XenDesktop 7.1 or see the vendor's advisory for instructions on how to reset the BrokerAccessPolicyRule settings.

See Also

https://support.citrix.com/article/CTX138627

https://support.citrix.com/article/CTX139335

Plugin Details

Severity: Medium

ID: 70741

File Name: citrix_xendesktop_ctx138627.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 11/4/2013

Updated: 11/27/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2013-6077

Vulnerability Information

CPE: cpe:/a:citrix:xendesktop

Required KB Items: Settings/ParanoidReport, SMB/Citrix_XenDesktop/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 10/22/2013

Vulnerability Publication Date: 10/22/2013

Reference Information

CVE: CVE-2013-6077

BID: 63413