Vulnerability Details : CVE-2014-4700
Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2014-4700
Probability of exploitation activity in the next 30 days: 0.22%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 60 %
CVSS scores for CVE-2014-4700
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9 | MEDIUM | AV:A/AC:M/Au:S/C:P/I:P/A:P | 4.4 | 6.4 | NIST |
CWE ids for CVE-2014-4700
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4700
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94460
  Citrix XenDesktop desktop groups unauthorized access CVE-2014-4700 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/68530
  Citrix XenDesktop CVE-2014-4700 Unspecified Unauthorized Access Vulnerability (Third Party Advisory; VDB Entry)
- http://support.citrix.com/article/CTX139591
  CVE-2014-4700 - Vulnerability in Citrix XenDesktop could result in unauthorized access to another user's desktop (Patch; Vendor Advisory)
- http://www.securitytracker.com/id/1030566
  Citrix XenDesktop Unspecified Flaw in Pooled Random Desktop Groups Lets Remote Users Access Other User Desktops - SecurityTracker (Third Party Advisory; VDB Entry)
Products affected by CVE-2014-4700
- cpe:2.3:a:citrix:xendesktop:*:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xendesktop:*:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xendesktop:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xendesktop:4.0:fp1:*:*:*:*:*:*
- cpe:2.3:a:citrix:xendesktop:4.0:fp2:*:*:*:*:*:*
- cpe:2.3:a:citrix:xendesktop:5.6:fp1:*:*:*:*:*:*