CVE-2018-18014
First published: Wed Oct 24 2018(Updated: )
* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix XenMobile Server | <=10.8.0 | |
| <=10.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Citrix Xen Mobile vulnerability?
The vulnerability ID for this Citrix Xen Mobile vulnerability is CVE-2018-18014.
What is the severity rating for CVE-2018-18014?
The severity rating for CVE-2018-18014 is high with a score of 7.8.
How does this vulnerability impact Citrix Xen Mobile?
This vulnerability allows low-privileged local users to execute system commands as root on Citrix Xen Mobile.
What is the affected software version of Citrix Xen Mobile?
The affected software version of Citrix Xen Mobile is up to and including 10.8.0.
Is there a fix for CVE-2018-18014?
Please refer to the vendor's advisory for any available fixes for CVE-2018-18014.
- collector/nvd-index
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/status
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/tags
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- status/disputed
- vendor/citrix
- canonical/citrix xenmobile server
- version/citrix xenmobile server/10.8.0