CVE-2018-18014
Global infos:
* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.
CVE Status: Modified
References:
Metrics:
| Attribute | Value |
|---|---|
| Attack Complexity | LOW |
| Attack Vector | LOCAL |
| Availability Impact | LOW |
| Base Score | 4.8 |
| Base Severity | MEDIUM |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Privileges Required | LOW |
| Scope | UNCHANGED |
| User Interaction | REQUIRED |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
| Exploitability Score | 1.3 |
| Impact Score | 3.4 |
| Source | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| Type | Secondary |