Vulnerability Details CVE-2018-18014
* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.8%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
Products affected by CVE-2018-18014
- cpe:2.3:a:citrix:xenmobile_server:10.0
- cpe:2.3:a:citrix:xenmobile_server:10.1
- cpe:2.3:a:citrix:xenmobile_server:10.3
- cpe:2.3:a:citrix:xenmobile_server:10.3.6
- cpe:2.3:a:citrix:xenmobile_server:10.3.6.310
- cpe:2.3:a:citrix:xenmobile_server:10.4
- cpe:2.3:a:citrix:xenmobile_server:10.5
- cpe:2.3:a:citrix:xenmobile_server:10.6
- cpe:2.3:a:citrix:xenmobile_server:10.7
- cpe:2.3:a:citrix:xenmobile_server:10.8
- cpe:2.3:a:citrix:xenmobile_server:10.8.0
- cpe:2.3:a:citrix:xenmobile_server:9.0
- cpe:2.3:a:citrix:xenmobile_server:9.0.1
- cpe:2.3:a:citrix:xenmobile_server:9.0.2
- cpe:2.3:a:citrix:xenmobile_server:9.0.3
- cpe:2.3:a:citrix:xenmobile_server:9.0.4