Citrix XenServer Multiple Vulnerabilities (CTX140984)

Critical Nessus Plugin ID 76771


The remote device is missing a vendor-supplied security patch.


The remote host is running a version of Citrix XenServer that is affected by multiple vulnerabilities:

- An information disclosure vulnerability exists due to the Xen hypervisor's failure to properly clean memory pages.

- An unspecified vulnerability exists due to a buffer overflow in the HVM graphics console. (CVE-2014-4947)

- XenServer is affected by an unspecified denial of service and information disclosure vulnerability.


Apply the relevant hotfix referenced in the advisory.

Plugin Details

Severity: Critical

ID: 76771

File Name: citrix_xenserver_CTX140984.nasl

Version: $Revision: 1.6 $

Type: local

Family: Misc.

Published: 2014/07/24

Modified: 2017/02/08

Dependencies: 76770

Risk Information

Risk Factor: Critical


CVSS v2

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:citrix:xenserver

Required KB Items: Host/XenServer/version, Host/local_checks_enabled

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/07/15

Vulnerability Publication Date: 2014/07/15

Reference Information

CVE: CVE-2014-4021, CVE-2014-4947, CVE-2014-4948

BID: 68070, 68659, 68660

OSVDB: 108199, 109189, 109229