Citrix XenDesktop BrokerAccessPolicyRule Policy Rule Remote Security Bypass

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host may be affected by a remote security bypass
vulnerability.

Description :

The remote host is running a version of Citrix XenDesktop that could be
affected by a remote security bypass vulnerability, related to the
'BrokerAccessPolicyRule' policy rule.

Note that this vulnerability only affects installs that have been
upgraded from XenDesktop 5. Also, Nessus has not checked if any
workarounds have been applied.

See also :

http://support.citrix.com/article/CTX138627
http://support.citrix.com/article/CTX139335

Solution :

Upgrade to Citrix XenDesktop 7.1 or see the vendor's advisory for
instructions on how to reset the BrokerAccessPolicyRule settings.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 70741

Bugtraq ID: 63413

CVE ID: CVE-2013-6077