Vulnerability Details : CVE-2014-4947
Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2014-4947
Probability of exploitation activity in the next 30 days: 0.66%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 %
CVSS scores for CVE-2014-4947
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
CWE ids for CVE-2014-4947
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4947
- http://support.citrix.com/article/CTX140984
  Citrix XenServer Multiple Security Updates (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94631
  Citrix XenServer HVM graphics console buffer overflow CVE-2014-4947 Vulnerability Report
- http://www.securitytracker.com/id/1030604
  Citrix XenServer Flaws Let Local Users Deny Service and Obtain Potentially Sensitive Information - SecurityTracker
- http://www.securityfocus.com/bid/68659
  Citrix XenServer HVM Graphics CVE-2014-4947 Buffer Overflow Vulnerability
Products affected by CVE-2014-4947
- cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*