USB Redirection Flaw in Citrix XenDesktop Virtual Desktop Agent
CVE-2012-6314

Currently unrated

Key Information:

Vendor: Citrix
Status: Xendesktop
Vendor: CVE Published:; 26 December 2012

What is CVE-2012-6314?

The Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x prior to version 5.6.200 contains a flaw in its handling of server-side policies for USB redirection. This vulnerability permits authenticated users to maintain access to USB devices, even after changes are made to the server-side policies intended to restrict such access. This behavior could lead to unauthorized data transfer and potential security breaches, compromising the integrity of sensitive information within the virtual environment.

References

http://www.securityfocus.com/bid/56908

vdb-entryx_refsource_BID

http://osvdb.org/88369

vdb-entryx_refsource_OSVDB

http://support.citrix.com/article/CTX135813

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2012
Vulnerability Reserved
Dec 6, 2012