Citrix CloudPlatform Unauthorized Access Vulnerability (CTX140989)

Nessus Plugin ID 79640 (Severity: Low)

Synopsis

The application on the remote web server has an unauthorized access vulnerability related to virtual routers.

Description

Virtual routers created in Citrix CloudPlatform do not preserve the source restrictions in their firewall rules after being restarted.
This allows a remote attacker to bypass the intended restrictions and access network resources after a virtual router has been restarted.

Solution

Upgrade to version 3.0.7 Patch D / 4.2.1.3 or later.

See Also

https://support.citrix.com/article/CTX140989

Plugin Details

Severity: Low

ID: 79640

File Name: citrix_cloudplatform_manager_CVE-2013-6398.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 12/1/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Low

Base Score: 2.8

Temporal Score: 2.1

Vector: CVSS2#AV:N/AC:M/Au:M/C:P/I:N/A:N

CVSS Score Source: CVE-2013-6398

Vulnerability Information

CPE: cpe:/a:citrix:cloudplatform

Required KB Items: installed_sw/Citrix CloudPlatform

Exploit Ease: No known exploits are available

Patch Publication Date: 8/26/2014

Vulnerability Publication Date: 11/25/2013

Reference Information

CVE: CVE-2013-6398

BID: 64782, 69432