漏洞标题
N/A
漏洞描述信息
"在 Citrix Receiver Desktop Lock 4.5 中错误的访问控制机制允许攻击者通过利用 VDI 的物理访问来暂时断开局域网电缆的验证要求。注意:截至 20161208,供应商无法重现该问题,表示“研究人员无法提供信息,使我们能够确认该行为,虽然在对支持产品进行测试部署的广泛调查中,我们未能重现他描述的行为。此外,尽管我们额外请求了更多信息,但研究人员已经停止对我们回复。”
CVSS信息
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us."
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Citrix Receiver Desktop Lock 安全绕过漏洞
漏洞描述信息
Citrix Receiver Desktop Lock是美国思杰系统(Citrix Systems)公司的一款用于服务器操作系统和桌面操作系统交付访问的客户端。 Citrix Receiver Desktop Lock 4.5版本中的安全漏洞。攻击者可通过物理访问VDI利用该漏洞绕过身份验证要求。
CVSS信息
N/A
漏洞类别
其他