Vulnerability in Citrix Cloudplatform

CVE-2013-2757

Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors.

EPSS: 0.019 (83.6th percentile) — read the EPSS interpretation.

Affected products

Citrix Cloudplatform — versions 3.0, 3.0.3, 3.0.4
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

92746 (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
cloudplatform-cve20132757-sec-bypass(83783) (vdb-entry, x_refsource_XF)
1028473 (vdb-entry, x_refsource_SECTRACK)
53204 (x_refsource_SECUNIA, third-party-advisory)
59467 (vdb-entry, x_refsource_BID)