This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote host is affected by a code execution vulnerability.
The version of Citrix XenServer running on the remote host is affected
by a heap buffer overflow condition in the IDE subsystem of the
bundled QEMU software, which is related to I/O buffer access when
handling certain ATAPI commands. An attacker, with sufficient
privileges in an HVM guest VM, can exploit this issue to execute
arbitrary code in the context of the hypervisor process on the host
system. Note that exploitation requires the CDROM drive to be enabled
on the guest system.
See also :
Apply the relevant hotfix referenced in the vendor advisory.
Risk factor :
Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 4.8
Public Exploit Available : false