CVE-2018-18013 — Deserialization of Untrusted Data in Citrix Xenmobile Server

CWE-502 — Deserialization of Untrusted Data CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 52.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Xenmobile Server

Timeline

PublishedOct 24

Latest updateMay 14

Description

* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDcitrix/xenmobile_server10.8.0

🔴Vulnerability Details

GHSA

GHSA-cwh4-297m-xrfv: ** DISPUTED *** Xen Mobile through 10↗2022-05-14

▶

📋Vendor Advisories

Red Hat

libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service↗2018-02-24

▶

💬Community

Bugzilla

CVE-2018-7456 libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service↗2018-03-15

▶