PT-2010-2385 · Citrix · Citrix Xenserver
Published: 2010-02-12 · Updated: 2010-03-18 · CVE-2010-0633
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Citrix XenServer versions 5.0 Update 3 and earlier
Citrix XenServer version 5.5
Description
The issue allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls.
Recommendations
For Citrix XenServer versions 5.0 Update 3 and earlier, update to a version later than 5.0 Update 3 to resolve the issue.
For Citrix XenServer version 5.5, update to a version later than 5.5 to resolve the issue.
As a temporary workaround, consider restricting access to the Xen API (XAPI) to minimize the risk of exploitation.
Affected Products
Citrix Xenserver