Citrix Studio < 7.6.1000 Insecure Access Policy Configuration (CTX213045)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a security bypass vulnerability.

Description :

The version of Citrix Studio, bundled with Citrix XenApp or
XenDesktop, is prior to 7.6.1000. It is, therefore, affected by an
unspecified security bypass vulnerability. An unauthenticated, remote
attacker can exploit this to set Access Policy rules on the XenDesktop
Delivery Controller, resulting in an insecure Access Policy
configuration.

See also :

http://support.citrix.com/article/CTX213045

Solution :

See vendor advisory for update information.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 92038 ()

Bugtraq ID: 90956

CVE ID: CVE-2016-4810

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now