PT-2014-6063 · Citrix · Citrix Xendesktop
Published
2014-07-11
·
Updated
2018-12-18
·
CVE-2014-4700
CVSS v2.0
4.9
Medium
| Vector | AV:A/AC:M/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Citrix XenDesktop versions 4.x through 7.x
Description
The issue allows local guest users to gain access to another user's desktop via unspecified vectors when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled.
Recommendations
For versions 4.x through 7.x, consider enabling ShutdownDesktopsAfterUse to prevent unauthorized access to desktops. Additionally, restrict access to pooled random desktop groups to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Citrix Xendesktop