CVE-2014-2690 — Citrix Vdi-in-a-box vulnerability

CWE-2647 documents4 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 78.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Vdi-in-a-box Citrix ADM Citrix Hypervisor +5 more

Timeline

PublishedApr 15

Latest updateMay 17

Description

Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages8 packages

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

▶NVDcitrix/vdi-in-a-box9 versions+8

▶citrixcitrix/netscaler_adc

▶citrixcitrix/citrix_hypervisor

🔴Vulnerability Details

GHSA

GHSA-g28c-wf7m-3x35: Citrix VDI-in-a-Box 5↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

Alienvault OSSIM av-centerd - Util.pm sync_rserver Command Execution (Metasploit)↗2017-09-13

▶

Exploit-DB

Alienvault Open Source SIEM (OSSIM) 4.6.1 - (Authenticated) SQL Injection (Metasploit)↗2014-05-12

▶

📋Vendor Advisories

Citrix

CVE-2014-2690: Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log.↗2014-04-15

▶

Citrix

Citrix Security Bulletin CTX140106↗

▶