Vulnerability CVE-2007-2850


Published: 2007-05-24   Modified: 2012-02-12

Description:
The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Citrix -> Access essentials 
Citrix -> Metaframe 

 References:
http://secunia.com/advisories/25371
http://www.vupen.com/english/advisories/2007/1918
http://www.securitytracker.com/id?1018098
http://support.citrix.com/article/CTX112964
http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf
http://xforce.iss.net/xforce/xfdb/34448

Copyright 2021, cxsecurity.com

 

Back to Top