vendor:
Command Center
by:
Anonymous
8.8
CVSS
HIGH
Credential Disclosure
200
CWE
Product Name: Command Center
Affected Version From: Citrix Command Center 5.1 build 33.3 (including patch CC_SP_5.2_40_1.exe)
Affected Version To: Citrix Command Center 5.2 build 42.7
Patch Exists: YES
Related CWE: None
CPE: a:citrix:command_center
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2020
Citrix Command Center Credential Disclosure Vulnerability
It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.
Mitigation:
Citrix reports that this vulnerability is fixed in Command Center 5.2 build 42.7, which can be downloaded from the following location (login required).