CVE-2008-2299
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions.
Vulnerabilidad no especificada en SecureICA e ICA Basic encryption de Citrix Presentation Server 4.5 y anteriores, Access Essentials 2.0 y anteriores y Desktop Server 1.0 puede provocar que los clientes usen configuraciones de encriptado más débiles que las configuradas por el administrador, lo que podría permitir a los atacantes evitar las restricciones previstas.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-05-18 CVE Reserved
- 2008-05-18 CVE Published
- 2023-11-27 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/29233 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/1531/references | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42444 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.citrix.com/article/CTX114893 | 2017-08-08 | |
| http://www.securitytracker.com/id?1020026 | 2017-08-08 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/30271 | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Citrix Search vendor "Citrix" | Presentation Server Search vendor "Citrix" for product "Presentation Server" | <= 4.5 Search vendor "Citrix" for product "Presentation Server" and version " <= 4.5" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | - |
Safe
|
| Citrix Search vendor "Citrix" | Access Essentials Search vendor "Citrix" for product "Access Essentials" | <= 2.0 Search vendor "Citrix" for product "Access Essentials" and version " <= 2.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Desktop Server Search vendor "Citrix" for product "Desktop Server" | 1.0 Search vendor "Citrix" for product "Desktop Server" and version "1.0" | - |
Affected
| ||||||