CVE-2014-4700Citrix Xendesktop vulnerability

CWE-2644 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.3%
top 50.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Citrix XendesktopCitrix ADMCitrix Hypervisor+5 more
Timeline
PublishedJul 11
Latest updateMay 14

Description

Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.

CVSS vector

AV:A/AC:M/C:P/I:P/A:PExploitability: 4.4 | Impact: 6.4

Affected Packages9 packages

NVDcitrix/xendesktop5.05.6+3

Patches

Patch: support.citrix.comPatch: support.citrix.com

🔴Vulnerability Details

1
GHSA
GHSA-7g6q-fw46-cpmr: Citrix XenDesktop 72022-05-14

📋Vendor Advisories

2
Citrix
CVE-2014-4700: Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users t2014-07-11
Citrix
Citrix Security Bulletin CTX139591