CVE-2013-2757 — Citrix Cloudplatform vulnerability

CWE-2644 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.9%

top 16.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Cloudplatform

Timeline

PublishedMay 23

Latest updateMay 17

Description

Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcitrix/cloudplatform5 versions+4

Patches

Patch: support.citrix.com ↗Patch: support.citrix.com ↗

🔴Vulnerability Details

GHSA

GHSA-6mmc-w668-v37v: Citrix CloudPlatform (formerly Citrix CloudStack) 3↗2022-05-17

▶

CVEList

CVE-2013-2757: Citrix CloudPlatform (formerly Citrix CloudStack) 3↗2014-05-23

▶

📋Vendor Advisories

Citrix

CVE-2013-2757: Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network,↗2014-05-23

▶