Title

Citrix EdgeSight Remote Code Execution Vulnerability (Cat I impact)

Discussion

Citrix has addressed a vulnerability affecting Citrix EdgeSight for Active Application Monitoring and Citrix EdgeSight for Load Testing. To exploit the vulnerability, an attacker would send malicious packets to UDP or TCP port 18747. If successfully exploited, this vulnerability would allow a remote attacker to execute arbitrary code resulting in the compromise of affected systems. At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents. Citrix EdgeSight Launcher Service Remote Code Execution Vulnerability A vulnerability has been identified in Citrix EdgeSight for Active Application Monitoring and Citrix EdgeSight for Load Testing that, when triggered, could allow a remote attacker to execute arbitrary code in the context of a privileged system account.

Check Content

GROUP ID (VULID): V-29527 GROUP TITLE: 2011-B-0084 RULE TITLE: Citrix EdgeSight Remote Code Execution Vulnerability CHECK CONTENT: Download and apply the appropriate patches from the vendor. See the IAVM notice and vendor bulletin for additional information. Vulnerable Applications/Systems: Citrix EdgeSight for Active Application Monitoring installations to version 5.3 SP2 or later Citrix EdgeSight for Load Testing installations to version 3.8.1 or later Apply appropriate Citrix Hotfix. The hotfixes can be verified through the XenApp Access Management Console. Select the server you want to check, in the right pane, click the dropdown box, select hotfix displays > hotfix summary.

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-29527

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.