Citrix XenServer Guest-to-host DoS (CTX230624)

medium Nessus Plugin ID 105370

Synopsis

A server virtualization platform installed on the remote host is affected by a denial-of-service vulnerability.

Description

The version of Citrix XenServer installed on the remote host is missing a security hotfix. It is, therefore, affected by a denial-of-service vulnerability as noted in the CTX230624 advisory.

Note that this vulnerability affects only Citrix XenServer 7.2 and 7.1 LTSR CU1.

Solution

Apply the appropriate hotfix according to the vendor advisory.

See Also

https://support.citrix.com/article/CTX230624

Plugin Details

Severity: Medium

ID: 105370

File Name: citrix_xenserver_CTX230624.nasl

Version: 1.6

Type: local

Family: Misc.

Published: 12/19/2017

Updated: 8/8/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:citrix:xenserver

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/XenServer/version

Patch Publication Date: 12/15/2017

Vulnerability Publication Date: 12/15/2017