Vulnerability Details : CVE-2012-6314
Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200 does not propagate changes made to the server-side policy that controls USB redirection to the VDA, which allows authenticated users to retain access to the USB device.
Exploit prediction scoring system (EPSS) score for CVE-2012-6314
Probability of exploitation activity in the next 30 days: 0.23%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 60 %
CVSS scores for CVE-2012-6314
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST |
References for CVE-2012-6314
- http://www.securitytracker.com/id?1027869
  Citrix XenDesktop Lets Remote Authenticated Users Bypass USB Redirection Policies - SecurityTracker
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80626
  Citrix XenDesktop Virtual Desktop Agent security bypass CVE-2012-6314 Vulnerability Report
- http://www.securityfocus.com/bid/56908
  Citrix XenDesktop Virtual Desktop Agent Local Security Bypass Vulnerability
- http://support.citrix.com/article/CTX135813
  CVE-2012-6314 - Weakness in Citrix XenDesktop could result in inconsistent propagation of USB redirection policy changes (Vendor Advisory)
Products affected by CVE-2012-6314
- cpe:2.3:a:citrix:xendesktop:5.6:*:*:*:*:*:*:*