Citrix XenDesktop BrokerAccessPolicyRule Policy Rule Remote Security Bypass

Medium Nessus Plugin ID 70741


The remote host may be affected by a remote security bypass vulnerability.


The remote host is running a version of Citrix XenDesktop that could be affected by a remote security bypass vulnerability, related to the 'BrokerAccessPolicyRule' policy rule.

Note that this vulnerability only affects installations that have been upgraded from XenDesktop 5. Also, Nessus has not checked if any workarounds have been applied.


Upgrade to Citrix XenDesktop 7.1 or see the vendor's advisory for instructions on how to reset the BrokerAccessPolicyRule settings.

See Also

Plugin Details

Severity: Medium

ID: 70741

File Name: citrix_xendesktop_ctx138627.nasl

Version: $Revision: 1.5 $

Type: local

Agent: windows

Family: Windows

Published: 2013/11/04

Modified: 2016/06/13

Dependencies: 63325

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:citrix:xendesktop

Required KB Items: SMB/Citrix_XenDesktop/Installed, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/10/22

Vulnerability Publication Date: 2013/10/22

Reference Information

CVE: CVE-2013-6077

BID: 63413

OSVDB: 98890