OpenCVE

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Citrix	Hypervisor Xenserver

Configuration 1 [-]

OR	cpe:2.3:a:citrix:xenserver:8.0:::::::*
	cpe:2.3:o:citrix:hypervisor:8.2:cumulative_update1:::long_term_service:::*

No data.

References

Link	Providers
https://support.citrix.com/article/CTX677100/xenserver-and-citrix-hypervisor-security-update-for-cve20245661

History

Mon, 28 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Citrix

Published: 2024-06-13T05:58:45.694Z

Updated: 2024-10-28T19:54:43.633Z

Reserved: 2024-06-05T17:26:31.502Z

Link: CVE-2024-5661

Vulnrichment

Updated: 2024-08-01T21:18:06.782Z

NVD

Status : Modified

Published: 2024-06-13T06:15:12.487

Modified: 2024-10-28T20:35:25.447

Link: CVE-2024-5661

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5661", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2024-06-05T17:26:31.502Z", "datePublished": "2024-06-13T05:58:45.694Z", "dateUpdated": "2024-10-28T19:54:43.633Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Citrix Hypervisor", "vendor": "Citrix", "versions": [{"lessThanOrEqual": "0", "status": "affected", "version": "8", "versionType": "patch"}, {"lessThanOrEqual": "XS82ECU1068", "status": "affected", "version": "8.2 CU1 LTSR", "versionType": "hotfix"}]}, {"defaultStatus": "unaffected", "product": "XenServer", "vendor": "Citrix", "versions": [{"lessThanOrEqual": "0", "status": "affected", "version": "8", "versionType": "patch"}, {"lessThanOrEqual": "XS82ECU1068", "status": "affected", "version": "8.2 CU1 LTSR", "versionType": "hotfix"}]}], "datePublic": "2024-06-12T05:54:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.</span><br>"}], "value": "An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive."}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-06-13T05:58:45.694Z"}, "references": [{"url": "https://support.citrix.com/article/CTX677100/xenserver-and-citrix-hypervisor-security-update-for-cve20245661"}], "source": {"discovery": "UNKNOWN"}, "title": "Potential Denial of Service affecting XenServer and Citrix Hypervisor", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-14T20:17:25.710448Z", "id": "CVE-2024-5661", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-28T19:54:43.633Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.782Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.citrix.com/article/CTX677100/xenserver-and-citrix-hypervisor-security-update-for-cve20245661", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.citrix.com/article/CTX677100/xenserver-and-citrix-hypervisor-security-update-for-cve20245661", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.782Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-5661", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-14T20:17:25.710448Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-14T20:17:29.023Z"}}], "cna": {"title": "Potential Denial of Service affecting XenServer and Citrix Hypervisor", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Citrix", "product": "Citrix Hypervisor", "versions": [{"status": "affected", "version": "8", "versionType": "patch", "lessThanOrEqual": "0"}, {"status": "affected", "version": "8.2 CU1 LTSR", "versionType": "hotfix", "lessThanOrEqual": "XS82ECU1068"}], "defaultStatus": "unaffected"}, {"vendor": "Citrix", "product": "XenServer", "versions": [{"status": "affected", "version": "8", "versionType": "patch", "lessThanOrEqual": "0"}, {"status": "affected", "version": "8.2 CU1 LTSR", "versionType": "hotfix", "lessThanOrEqual": "XS82ECU1068"}], "defaultStatus": "unaffected"}], "datePublic": "2024-06-12T05:54:00.000Z", "references": [{"url": "https://support.citrix.com/article/CTX677100/xenserver-and-citrix-hypervisor-security-update-for-cve20245661"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.</span><br>", "base64": false}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-06-13T05:58:45.694Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5661", "state": "PUBLISHED", "dateUpdated": "2024-10-28T19:54:43.633Z", "dateReserved": "2024-06-05T17:26:31.502Z", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "datePublished": "2024-06-13T05:58:45.694Z", "assignerShortName": "Citrix"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:xenserver:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3AD5783A-5653-4F2F-9F70-092A58205DD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:hypervisor:8.2:cumulative_update1:*:*:long_term_service:*:*:*", "matchCriteriaId": "86717C8A-A380-4208-BA14-906B9EAFC3BA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive."}, {"lang": "es", "value": "Se ha identificado un problema tanto en XenServer 8 como en Citrix Hypervisor 8.2 CU1 LTSR que puede permitir que un administrador malintencionado de una m\u00e1quina virtual invitada haga que el host se vuelva lento o no responda."}], "id": "CVE-2024-5661", "lastModified": "2024-10-28T20:35:25.447", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-13T06:15:12.487", "references": [{"source": "secure@citrix.com", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX677100/xenserver-and-citrix-hypervisor-security-update-for-cve20245661"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}