Citrix CTX217430
Oct 06, 2016 - 4:00 a.m.

CVE-2016-6273 - Denial of Service Vulnerability in Citrix License Server

support.citrix.com

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

CVSS3: 7.5 High (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

EPSS: 0.007 Low (Percentile: 80.9%)

Description of Problem

A vulnerability has been identified in the Citrix License Server for Windows and Citrix License Server VPX that could allow a remote, unauthenticated attacker to crash the License Server.

This vulnerability affects all versions of Citrix License Server for Windows and Citrix License Server VPX earlier than version 11.14.0.1.

This vulnerability has been assigned the following CVE number:

  • CVE-2016-6273

Mitigating Factors

In Citrix deployments where the License Server has been deployed on an isolated management network, the risks presented by this vulnerability are reduced.

What Customers Should Do

Citrix has released a new version of the License Server for Windows and License Server VPX to address this vulnerability:

  • Citrix License Server for Windows version 11.14.0.1 and later
  • Citrix License Server VPX version 11.14.0.1 and later

These new versions can be obtained from the Citrix website at the following address:

<https://www.citrix.com/downloads/licensing.html>

Citrix recommends that all customers upgrade to these new versions.

Acknowledgements

Citrix thanks Jim Carreer and Nicholas Miles of Tenable Network Security (<https://www.tenable.com>) for working with us to protect Citrix customers.

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <http://support.citrix.com/>.

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <https://www.citrix.com/support/open-a-support-case.html>.

Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix
