CVE-2001-0908 — Use of Less Trusted Source in Citrix Metaframe

CWE-348 — Use of Less Trusted Source4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 29.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Metaframe

Timeline

PublishedNov 21

Latest updateApr 30

Description

CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcitrix/metaframe1.8

🔴Vulnerability Details

GHSA

GHSA-4987-53r7-55gr: CITRIX Metaframe 1↗2022-04-30

▶

📋Vendor Advisories

Citrix

CVE-2001-0908: CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows↗2001-11-21

▶

📐Framework References

CWE

Use of Less Trusted Source↗

▶