Citrix XenDesktop 4.x / 5.x / 7.x Unauthorized Access (CTX139591)

Severity: Medium | Nessus Plugin ID: 76571

Synopsis

The remote host is affected by an unauthorized access vulnerability.

Description

The remote host is running a version of Citrix XenDesktop that is affected by an unauthorized access vulnerability. A flaw exists that could result in a user gaining unauthorized access to another user's desktop.

Note that this vulnerability affects only configurations in which pooled random desktop groups are enabled and the 'ShutdownDesktopsAfterUse' setting has been changed to disabled, which is not its default state.

Solution

Apply the appropriate hotfix or set 'ShutdownDesktopsAfterUse' to enabled.

See Also

https://support.citrix.com/article/CTX139591

Plugin Details

Severity: Medium

ID: 76571

File Name: citrix_xendesktop_ctx139591.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 7/17/2014

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:A/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:citrix:xendesktop

Required KB Items: Settings/ParanoidReport, SMB/Citrix_XenDesktop/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 7/10/2014

Vulnerability Publication Date: 7/10/2014

Reference Information

CVE: CVE-2014-4700

BID: 68530