Unauthorized Command Execution in Citrix Xen Mobile by Low-Privileged Users
CVE-2018-18014
7.8 HIGH
Summary
Citrix Xen Mobile 10.8 has a security flaw that allows low-privileged local users to execute system commands as root. The private services listening on ports 8000, 30000, and 30001 accept requests without proper authentication, so a local user who can reach them can run commands with root privileges, threatening the integrity of the system. The vendor asserts that the risk is mitigated by an internal firewall that restricts access to configuration services; the issue nonetheless highlights security concerns around local access and command execution.
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved