Remote Code Execution Vulnerability in Citrix XenServer 7.0
CVE-2016-5302

9.8CRITICAL

Key Information:

Vendor

Citrix
Status
Xenserver
Vendor
CVE Published:
13 June 2016

What is CVE-2016-5302?

A vulnerability in Citrix XenServer 7.0 prior to Hotfix XS70E003 allows remote attackers on the management network to compromise a host. The vulnerability arises when systems are upgraded from earlier releases, potentially enabling unauthorized access through exploited Active Directory credentials. Administrators are encouraged to apply updates promptly to mitigate risks.

References

https://support.citrix.com/article/CTX213769
x_refsource_CONFIRM
http://www.securitytracker.com/id/1036082
vdb-entryx_refsource_SECTRACK
http://support.citrix.com/article/CTX213549
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-5302 : Remote Code Execution Vulnerability in Citrix XenServer 7.0