Vulnerability in Citrix Xenserver

CVE-2016-9637

The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport acces…

EPSS: 0.001 (25.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2016-9637?
CVE-2016-9637 is a high-severity vulnerability in Citrix Xenserver, classified under CWE-264. CVSS score: 7.5/10. Published 2017-02-17.
How severe is CVE-2016-9637?
High severity. CVSS v3 base score is 7.5 out of 10.