ID

VAR-201703-0722


CVE

CVE-2017-5571


TITLE

Citrix License Server for Windows and License Server VPX Open redirection vulnerability

Trust: 0.8

sources: IVD: 9ff100a5-a25a-47cc-a9f4-725b8ff0fb74 // CNVD: CNVD-2017-01545

DESCRIPTION

Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Citrix License Server for Windows and License Server VPX are products of Citrix Systems. The former is a Windows-based authentication server, and the latter is an authentication server device. An attacker can exploit the vulnerability by crafting a URI and inducing a user to click it. When the user clicks the link, they are redirected to an attacker-controlled website, which enables phishing. Other attacks are possible.

Trust: 2.61

sources: NVD: CVE-2017-5571 // JVNDB: JVNDB-2017-002122 // CNVD: CNVD-2017-01545 // BID: 96028 // IVD: 9ff100a5-a25a-47cc-a9f4-725b8ff0fb74

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: 9ff100a5-a25a-47cc-a9f4-725b8ff0fb74 // CNVD: CNVD-2017-01545

AFFECTED PRODUCTS

vendor: flexerasoftware // model: flexnet publisher // scope: lte // version: 11.14.1

Trust: 1.0

vendor: flexera // model: flexnet publisher // scope: lte // version: 11.14.1

Trust: 0.8

vendor: citrix // model: license server for windows // scope: lte // version: <=11.14.0.1

Trust: 0.6

vendor: citrix // model: license server vpx // scope: lte // version: <=11.14.0.1

Trust: 0.6

vendor: flexerasoftware // model: flexnet publisher // scope: eq // version: 11.14.1

Trust: 0.6

vendor: flexera // model: flexnet publisher // scope: eq // version: 11.14.1

Trust: 0.3

vendor: citrix // model: license server vpx // scope: eq // version: 11.9

Trust: 0.3

vendor: citrix // model: license server vpx // scope: eq // version: 11.6

Trust: 0.3

vendor: citrix // model: license server vpx // scope: eq // version: 11.5

Trust: 0.3

vendor: citrix // model: license server vpx // scope: eq // version: 11.14.0.1

Trust: 0.3

vendor: citrix // model: license server vpx // scope: eq // version: 11.13.1.2

Trust: 0.3

vendor: citrix // model: license server vpx // scope: eq // version: 11.12

Trust: 0.3

vendor: citrix // model: license server vpx // scope: eq // version: 11.11

Trust: 0.3

vendor: citrix // model: license server vpx // scope: eq // version: 11.10

Trust: 0.3

vendor: citrix // model: license server for windows // scope: eq // version: 11.11.1

Trust: 0.3

vendor: citrix // model: license server for windows // scope: eq // version: 11.9

Trust: 0.3

vendor: citrix // model: license server for windows // scope: eq // version: 11.6

Trust: 0.3

vendor: citrix // model: license server for windows // scope: eq // version: 11.5

Trust: 0.3

vendor: citrix // model: license server for windows // scope: eq // version: 11.14.0.1

Trust: 0.3

vendor: citrix // model: license server for windows // scope: eq // version: 11.13.1.2

Trust: 0.3

vendor: citrix // model: license server for windows // scope: eq // version: 11.12

Trust: 0.3

vendor: citrix // model: license server for windows // scope: eq // version: 11.11

Trust: 0.3

vendor: citrix // model: license server for windows // scope: eq // version: 11.10

Trust: 0.3

vendor: flexnet publisher // model: - // scope: eq // version: *

Trust: 0.2

sources: IVD: 9ff100a5-a25a-47cc-a9f4-725b8ff0fb74 // CNVD: CNVD-2017-01545 // BID: 96028 // JVNDB: JVNDB-2017-002122 // CNNVD: CNNVD-201702-207 // NVD: CVE-2017-5571

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5571
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-5571
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-01545
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201702-207
value: MEDIUM

Trust: 0.6

IVD: 9ff100a5-a25a-47cc-a9f4-725b8ff0fb74
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2017-5571
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-01545
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9ff100a5-a25a-47cc-a9f4-725b8ff0fb74
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-5571
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: IVD: 9ff100a5-a25a-47cc-a9f4-725b8ff0fb74 // CNVD: CNVD-2017-01545 // JVNDB: JVNDB-2017-002122 // CNNVD: CNNVD-201702-207 // NVD: CVE-2017-5571

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.8

sources: JVNDB: JVNDB-2017-002122 // NVD: CVE-2017-5571

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-207

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201702-207

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002122

PATCH

title: CTX219885 // url: https://support.citrix.com/article/CTX219885

Trust: 0.8

title: Top Page // url: http://www.flexerasoftware.jp/producer/

Trust: 0.8

title: Patch for the Citrix License Server for Windows and License Server VPX Open Redirection Vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/89488

Trust: 0.6

title: Citrix License Server for Windows and License Server VPX Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67511

Trust: 0.6

sources: CNVD: CNVD-2017-01545 // JVNDB: JVNDB-2017-002122 // CNNVD: CNNVD-201702-207

EXTERNAL IDS

db: NVD // id: CVE-2017-5571

Trust: 3.5

db: BID // id: 96028

Trust: 2.5

db: ICS CERT // id: ICSA-18-144-01

Trust: 1.8

db: SCHNEIDER // id: SEVD-2018-137-01

Trust: 1.0

db: SCHNEIDER // id: SEVD-2018-144-01

Trust: 1.0

db: CNVD // id: CNVD-2017-01545

Trust: 0.8

db: CNNVD // id: CNNVD-201702-207

Trust: 0.8

db: JVNDB // id: JVNDB-2017-002122

Trust: 0.8

db: IVD // id: 9FF100A5-A25A-47CC-A9F4-725B8FF0FB74

Trust: 0.2

sources: IVD: 9ff100a5-a25a-47cc-a9f4-725b8ff0fb74 // CNVD: CNVD-2017-01545 // BID: 96028 // JVNDB: JVNDB-2017-002122 // CNNVD: CNNVD-201702-207 // NVD: CVE-2017-5571

REFERENCES

url:http://www.securityfocus.com/bid/96028

Trust: 2.2

url:https://support.citrix.com/article/ctx219885

Trust: 1.9

url:https://www.schneider-electric.com/en/download/document/sevd-2018-137-01/

Trust: 1.0

url:https://www.schneider-electric.com/en/download/document/sevd-2018-144-01/

Trust: 1.0

url:https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager

Trust: 1.0

url:https://ics-cert.us-cert.gov/advisories/icsa-18-144-01

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5571

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-18-144-01

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5571

Trust: 0.8

url:http://www.citrix.com

Trust: 0.3

sources: CNVD: CNVD-2017-01545 // BID: 96028 // JVNDB: JVNDB-2017-002122 // CNNVD: CNNVD-201702-207 // NVD: CVE-2017-5571

CREDITS

Jan Rude

Trust: 0.9

sources: BID: 96028 // CNNVD: CNNVD-201702-207

SOURCES

db: IVD // id: 9ff100a5-a25a-47cc-a9f4-725b8ff0fb74
db: CNVD // id: CNVD-2017-01545
db: BID // id: 96028
db: JVNDB // id: JVNDB-2017-002122
db: CNNVD // id: CNNVD-201702-207
db: NVD // id: CVE-2017-5571

LAST UPDATE DATE

2024-11-23T21:00:12.385000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2017-01545 // date: 2017-02-18T00:00:00
db: BID // id: 96028 // date: 2017-03-07T01:01:00
db: JVNDB // id: JVNDB-2017-002122 // date: 2019-07-10T00:00:00
db: CNNVD // id: CNNVD-201702-207 // date: 2017-03-06T00:00:00
db: NVD // id: CVE-2017-5571 // date: 2024-11-21T03:27:54.400

SOURCES RELEASE DATE

db: IVD // id: 9ff100a5-a25a-47cc-a9f4-725b8ff0fb74 // date: 2017-02-18T00:00:00
db: CNVD // id: CNVD-2017-01545 // date: 2017-02-20T00:00:00
db: BID // id: 96028 // date: 2017-02-06T00:00:00
db: JVNDB // id: JVNDB-2017-002122 // date: 2017-03-29T00:00:00
db: CNNVD // id: CNNVD-201702-207 // date: 2017-02-09T00:00:00
db: NVD // id: CVE-2017-5571 // date: 2017-03-03T15:59:00.883