What is the severity of CVE-2016-9111?

CVE-2016-9111 has a moderate severity rating due to the potential for unauthorized access through an authentication bypass.

How do I fix CVE-2016-9111?

To fix CVE-2016-9111, users are advised to update to the latest version of Citrix Receiver Desktop that addresses this vulnerability.

What causes CVE-2016-9111?

CVE-2016-9111 is caused by incorrect access control mechanisms that allow physical access exploitation.

Who is affected by CVE-2016-9111?

CVE-2016-9111 specifically affects users of Citrix Receiver Desktop Lock version 4.5.

Can CVE-2016-9111 be exploited remotely?

CVE-2016-9111 requires physical access to the device, making it not exploitable remotely.

Vulnerability/
CVE-2016-9111

medium

6.8

CWE

254 284

7/11/2016

6/8/2024

CVE-2016-9111

First published: Mon Nov 07 2016(Updated: )

Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us."

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Citrix Receiver	=4.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9111?
CVE-2016-9111 has a moderate severity rating due to the potential for unauthorized access through an authentication bypass.
How do I fix CVE-2016-9111?
To fix CVE-2016-9111, users are advised to update to the latest version of Citrix Receiver Desktop that addresses this vulnerability.
What causes CVE-2016-9111?
CVE-2016-9111 is caused by incorrect access control mechanisms that allow physical access exploitation.
Who is affected by CVE-2016-9111?
CVE-2016-9111 specifically affects users of Citrix Receiver Desktop Lock version 4.5.
Can CVE-2016-9111 be exploited remotely?
CVE-2016-9111 requires physical access to the device, making it not exploitable remotely.

agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/references
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/citrix
canonical/citrix receiver
version/citrix receiver/4.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.