Citrix XenDesktop 4.x / 5.x / 7.x Unauthorized Access (CTX139591)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by an unauthorized access vulnerability.

Description :

The remote host is running a version of Citrix XenDesktop that is
affected by an unauthorized access vulnerability. A flaw exists that
could result in a user gaining unauthorized access to another user's
desktop.

Note that this vulnerability only affects configurations in which
pooled random desktop groups are enabled and the
'ShutdownDesktopsAfterUse' setting is in the non-default state of
disabled.

See also :

http://support.citrix.com/article/CTX139591

Solution :

Apply the appropriate hotfix or set 'ShutdownDesktopsAfterUse' to
enabled.
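
The following is an added example, not code from Tenable or Citrix: a PowerShell audit, run on a Delivery Controller, that lists desktop groups matching the affected configuration and can optionally apply the setting change from the Solution above. It assumes the Citrix Broker admin snap-in is installed and that pooled random groups are the ones whose DesktopKind is 'Shared'; the -Remediate switch is a name chosen for this script.

```powershell
# Added example: audit desktop groups for the configuration described above.
# Assumptions: Citrix Broker PowerShell SDK is present on this host, and
# "pooled random" groups are those reporting DesktopKind = 'Shared'.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remediate   # hypothetical switch: also enable the setting
)

# Load the Broker snap-in only if its cmdlets are not already available.
if (-not (Get-Command Get-BrokerDesktopGroup -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Citrix.Broker.Admin.* -ErrorAction Stop
}

# Shared groups that do NOT shut the desktop down after the session ends.
$exposed = @(Get-BrokerDesktopGroup -MaxRecordCount 10000 |
    Where-Object { $_.DesktopKind -eq 'Shared' -and
                   -not $_.ShutdownDesktopsAfterUse })

if ($exposed.Count -eq 0) {
    Write-Output 'No shared desktop group has ShutdownDesktopsAfterUse disabled.'
    return
}

# Report the groups that match the affected configuration.
$exposed |
    Select-Object Uid, Name, DesktopKind, ShutdownDesktopsAfterUse, Enabled |
    Format-Table -AutoSize

if ($Remediate) {
    foreach ($group in $exposed) {
        # ShouldProcess honours -WhatIf and -Confirm for each change.
        if ($PSCmdlet.ShouldProcess($group.Name,
                'Set ShutdownDesktopsAfterUse to $true')) {
            Set-BrokerDesktopGroup -InputObject $group `
                -ShutdownDesktopsAfterUse $true
        }
    }
    # Re-read the groups so the report reflects the stored setting.
    Get-BrokerDesktopGroup -MaxRecordCount 10000 |
        Where-Object { $exposed.Uid -contains $_.Uid } |
        Select-Object Name, ShutdownDesktopsAfterUse
}
```

Running the script with -Remediate -WhatIf shows which groups would be changed without modifying them.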

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:A/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 76571

Bugtraq ID: 68530

CVE ID: CVE-2014-4700
