CVE-2018-18013

** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost."

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://advisories.dxw.com/advisories/xen-mobile-vulnerable-to-code-execution-via-object-serialisation/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-10-24 21:29

Updated : 2024-08-05 11:15

NVD link : CVE-2018-18013

Mitre link : CVE-2018-18013

CVE.ORG link : CVE-2018-18013

JSON object : View

Products Affected

citrix

xenmobile_server

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2018-18013", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-10-24T21:29:00.657", "references": [{"url": "https://advisories.dxw.com/advisories/xen-mobile-vulnerable-to-code-execution-via-object-serialisation/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is \"already mitigated by the internal firewall that limits access to configuration services to localhost."}, {"lang": "es", "value": "** EN DISPUTA ** Xen Mobile hasta la versi\u00f3n 10.8.0 incluye un servicio en escucha en el puerto 5001 en su firewall que acepta entradas no autenticadas. Si el servicio se proporciona con objetos Java serializados en bruto, los vuelve a deserializar en objetos Java en la memoria, lo que provoca una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. NOTA: el fabricante discute que esto sea una vulnerabilidad, indicando que \"ya ha sido mitigado por el firewall interno que limita el acceso a los servicios de configuraci\u00f3n del localhost\"."}], "lastModified": "2024-08-05T11:15:38.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CA09036-632C-43B1-905D-9C0791741175", "versionEndIncluding": "10.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}