CVSS3 Metric | Value |
---|---|
Base Score | 9.1 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |

CVSS2 Metric | Value |
---|---|
Base Score | 9 High |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |

EPSS Metric | Value |
---|---|
Score | 0.002 Low |
Percentile | 60.8% |

A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host.
This vulnerability affects all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.2.
The following vulnerability has been addressed:
Hotfixes have been released to address these issues. Citrix strongly recommends that affected customers install these hotfixes as soon as possible. The hotfixes can be downloaded from the following locations:
Citrix XenServer 7.2: CTX229067 – <https://support.citrix.com/article/CTX229067>
Citrix XenServer 7.1 LTSR CU1: CTX229066 – <https://support.citrix.com/article/CTX229066>
Citrix XenServer 7.1 LTSR: CTX229065 – <https://support.citrix.com/article/CTX229065>
Citrix XenServer 7.0: CTX229064 – <https://support.citrix.com/article/CTX229064>
Citrix XenServer 6.5 SP1: CTX229063 – <https://support.citrix.com/article/CTX229063>
Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <http://support.citrix.com/>.
If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <https://www.citrix.com/support/open-a-support-case.html>.
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix
Date | Change |
---|---|
24th October 2017 | Initial Publishing |

CPE

Name | Operator | Version |
---|---|---|
citrix xenserver | le | 7.2 |
citrix xenserver | le | 7.1 |
citrix xenserver | le | 7.1 |
citrix xenserver | le | 7.0 |
citrix xenserver | le | 6.5 |