Vulnerability Details : CVE-2016-6273
The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode.
Vulnerability category: Denial of service
Products affected by CVE-2016-6273
- cpe:2.3:a:citrix:license_server:*:*:*:*:*:windows:*:*
- cpe:2.3:a:citrix:license_server_vpx:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6273
- EPSS score: 1.67% (probability of exploitation activity in the next 30 days)
- Percentile: ~81% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-6273
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
References for CVE-2016-6273
- http://support.citrix.com/article/CTX217430
  CVE-2016-6273 - Denial of Service Vulnerability in Citrix License Server (Vendor Advisory)
- http://www.securityfocus.com/bid/93450
  Citrix License Server CVE-2016-6273 Denial of Service Vulnerability
- https://www.tenable.com/security/research/tra-2016-29
  [R2] Citrix License Server / Flexera FlexNet Publisher lmadmin.exe 2F Packet Handling Remote DoS - Research Advisory | Tenable®
- http://www.securitytracker.com/id/1037008
  Citrix License Server Unspecified Bug Lets Remote Users Cause the Target System to Crash - SecurityTracker