Citrix Studio < 7.6.1000 Insecure Access Policy Configuration (CTX213045)

Medium Nessus Plugin ID 92038


The remote host is affected by a security bypass vulnerability.


The version of Citrix Studio, bundled with Citrix XenApp or XenDesktop, is prior to 7.6.1000. It is, therefore, affected by an unspecified security bypass vulnerability. An unauthenticated, remote attacker can exploit this to set Access Policy rules on the XenDesktop Delivery Controller, resulting in an insecure Access Policy configuration.


See vendor advisory for update information.

See Also

Plugin Details

Severity: Medium

ID: 92038

File Name: citrix_studio_CTX213045.nasl

Version: $Revision: 1.3 $

Type: local

Family: Misc.

Published: 2016/07/13

Modified: 2016/07/18

Dependencies: 92039

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:citrix:xenapp, cpe:/a:citrix:xendesktop

Required KB Items: installed_sw/Citrix Studio

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/05/31

Vulnerability Publication Date: 2016/05/31

Reference Information

CVE: CVE-2016-4810

BID: 90956

OSVDB: 139259

IAVB: 2016-B-0098