1. CVE-Search
  2. CVE-2008-2299
ID CVE-2008-2299
Summary Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:presentation_server:-:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:presentation_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:presentation_server:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:presentation_server:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:presentation_server:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:presentation_server:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:access_essentials:-:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:access_essentials:-:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:access_essentials:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:access_essentials:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:desktop_server:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:desktop_server:1.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-08-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 29233
confirm http://support.citrix.com/article/CTX114893
sectrack 1020026
secunia 30271
vupen ADV-2008-1531
xf citrix-presentationserver-ica-weak-security(42444)
Last major update 08-08-2017 - 01:30
Published 18-05-2008 - 14:20
Last modified 08-08-2017 - 01:30
Back to Top