Vulnerability CVE-2008-2299


Published: 2008-05-18   Modified: 2012-02-12

Description:
Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions.

Type: CWE-310 (Cryptographic Issues)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
Citrix -> Access Essentials
Citrix -> Desktop Server
Citrix -> Presentation Server

References:
http://www.securitytracker.com/id?1020026
http://support.citrix.com/article/CTX114893
http://xforce.iss.net/xforce/xfdb/42444
http://www.vupen.com/english/advisories/2008/1531/references
http://www.securityfocus.com/bid/29233
http://secunia.com/advisories/30271

Copyright 2021, cxsecurity.com

 
