Citrix XenServer Multiple Security Updates (CTX220112)

Published: 2017-01-26 09:36:18
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Detection Method:
Check the installed hotfixes

Recommendations:
Apply the hotfix referenced in the advisory

Summary:
Several security issues have been identified within Citrix XenServer. If exploited, these issues could allow an authenticated administrator to perform a denial-of-service attack against the host, even when that administrator has a less-privileged RBAC role (e.g. read-only). In addition, the issues could permit an attacker who is able to influence NTP traffic on the management network to disrupt time synchronization on the host until the next reboot.

The following vulnerabilities have been addressed:
CVE-2017-5572 (Low): Authenticated read-only administrator can corrupt host database
CVE-2017-5573 (Low): Authenticated read-only administrator can cancel tasks of other administrators
CVE-2015-5300, CVE-2015-7704, CVE-2015-7705 (Low): NTP updates

Customers who have not enabled NTP are unaffected by the NTP issues. Customers who have not enabled RBAC are unaffected by the RBAC issues. Customers using Citrix XenServer 6.0.2 in the Common Criteria configuration are unaffected by the RBAC issues.

Affected Versions:
XenServer 7.0
XenServer 6.5
XenServer 6.2.0
XenServer 6.0.2

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2017-5572
https://nvd.nist.gov/vuln/detail/CVE-2017-5573
https://nvd.nist.gov/vuln/detail/CVE-2015-5300
https://nvd.nist.gov/vuln/detail/CVE-2015-7704
https://nvd.nist.gov/vuln/detail/CVE-2015-7705

References:

https://support.citrix.com/article/CTX220112

Severity:
High

CVSS Score:
7.5
