Local Credential Exposure in Citrix VDI-in-a-Box
CVE-2014-2690

Currently unrated

Key Information:

Vendor: Citrix
Status: Vdi-in-a-box
Vendor: CVE Published:; 15 April 2014

What is CVE-2014-2690?

Citrix VDI-in-a-Box versions 5.3.x before 5.3.6 and 5.4.x before 5.4.3 contain a vulnerability that allows local users to gain unauthorized access to administrator credentials through log file reading. This could potentially lead to further exploitation of the system or elevated privileges. It is crucial for users to review their deployment and apply necessary patches to mitigate this risk.

References

http://www.securitytracker.com/id/1030068

vdb-entryx_refsource_SECTRACK

http://support.citrix.com/article/CTX140106

x_refsource_CONFIRM

http://secunia.com/advisories/57734

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2014
Vulnerability Reserved
Apr 1, 2014