CVE-2016-9111

6.8MEDIUM

Key Information:

Vendor
Citrix
Status
Receiver Desktop
Vendor
CVE Published:
7 November 2016

Summary

Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us."

References

https://vuldb.com/?id.93250
x_refsource_MISC
http://www.securitytracker.com/id/1037176
vdb-entryx_refsource_SECTRACK
https://www.exploit-db.com/exploits/40686/
exploitx_refsource_EXPLOIT-DB

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.