Unauthorized Access in Citrix XenDesktop Due to Configuration Flaw
CVE-2014-4700

Currently unrated

Key Information:

Vendor: Citrix
Status: Xendesktop
Vendor: CVE Published:; 11 July 2014

Summary

Citrix XenDesktop versions 7.x, 5.x, and 4.x have a vulnerability that may allow local guest users to access other users' desktops. This issue arises when pooled random desktop groups are enabled and the ShutdownDesktopsAfterUse setting is disabled. As a result, unprivileged users can exploit this configuration flaw, potentially leading to unauthorized access to sensitive information and impacting the overall security of the environment.

References

http://www.securityfocus.com/bid/68530

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1030566

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/59889

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 11, 2014
Vulnerability Reserved
Jun 30, 2014