Citrix XenServer Active Directory Authentication Incorrect Host Management Security Bypass (CTX213549, CTX213769)
High Nessus Plugin ID 91885
SynopsisThe remote host is affected by a security bypass vulnerability.
DescriptionThe version of Citrix XenServer running on the remote host is 7.x prior to 7.0 hotfix XS70E003. It is, therefore, affected by a security bypass vulnerability due to incorrect handling of Active Directory (AD) credentials. An unauthenticated, remote attacker on the management network with AD credentials for an AD account can exploit this to compromise the XenServer host even if the credentials do not have authorization.
SolutionApply hotfix XS70E003 as referenced in the vendor advisory.