Vulnerabilities > CVE-2018-18013 - Deserialization of Untrusted Data vulnerability in Citrix Xenmobile Server

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

citrix

CWE-502

NVD

Published: 2018-10-24

Updated: 2024-08-05

Summary

* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.

Vulnerable Configurations

Part	Description	Count
Application	Citrix Citrix Xenmobile Server 9.0 Citrix Xenmobile Server 9.0.1 Citrix Xenmobile Server 9.0.2 Citrix Xenmobile Server 9.0.3 Citrix Xenmobile Server 9.0.4 Citrix Xenmobile Server 10.0 Citrix Xenmobile Server 10.1 Citrix Xenmobile Server 10.3 Citrix Xenmobile Server 10.3.6 Citrix Xenmobile Server 10.3.6.310 Citrix Xenmobile Server 10.4 Citrix Xenmobile Server 10.5 Citrix Xenmobile Server 10.6 Citrix Xenmobile Server 10.7 Citrix Xenmobile Server 10.8 Citrix Xenmobile Server 10.8.0	26

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://advisories.dxw.com/advisories/xen-mobile-vulnerable-to-code-execution-via-object-serialisation/