Citrix XenDesktop 4.x / 5.x / 7.x Unauthorized Access (CTX139591)

Medium Nessus Plugin ID 76571


The remote host is affected by an unauthorized access vulnerability.


The remote host is running a version of Citrix XenDesktop that is affected by an unauthorized access vulnerability. A flaw exists that could result in a user gaining unauthorized access to another user's desktop.

Note that this vulnerability only affects configurations in which pooled random desktop groups are enabled and the 'ShutdownDesktopsAfterUse' setting is set to the non-default state of disabled.


Apply the appropriate hotfix or set 'ShutdownDesktopsAfterUse' to enabled.

Plugin Details

Severity: Medium

ID: 76571

File Name: citrix_xendesktop_ctx139591.nasl

Version: $Revision: 1.1 $

Type: local

Agent: windows

Family: Windows

Published: 2014/07/17

Modified: 2014/07/17

Dependencies: 63325

Risk Information

Risk Factor: Medium


Base Score: 4.9

Temporal Score: 4.3

Vector: CVSS2#AV:A/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:citrix:xendesktop

Required KB Items: SMB/Citrix_XenDesktop/Installed, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/07/10

Vulnerability Publication Date: 2014/07/10

Reference Information

CVE: CVE-2014-4700

BID: 68530

OSVDB: 109010