6.8

CVE-2016-9111

Exploit

EPSS 3.49%
Published 07.11.2016 11:59:00
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us."

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Citrix ≫ Receiver Desktop Version4.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.49%	0.864

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.securityfocus.com/bid/94229

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037176

https://packetstormsecurity.com/files/139493/Citrix-Receiver-Receiver-Desktop-Lock-4.5-Authentication-Bypass.html

Third Party Advisory

Exploit

VDB Entry

https://vuldb.com/?id.93250

Third Party Advisory

VDB Entry

https://www.exploit-db.com/exploits/40686/

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-9111

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9111

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9111

EUVD