CVE-2016-6273 - Denial of Service Vulnerability in Citrix License Server

Related Vulnerabilities: CVE-2016-6273  

Description of Problem

A vulnerability has been identified in the Citrix License Server for Windows and Citrix License Server VPX that could allow a remote, unauthenticated attacker to crash the License Server.

This vulnerability affects all versions of Citrix License Server for Windows and Citrix License Server VPX earlier than version 11.14.0.1.

This vulnerability has been assigned the following CVE number:

  • CVE-2016-6273

Mitigating Factors

In Citrix deployments where the License Server has been deployed on an isolated management network, the risks presented by this vulnerability are reduced.

What Customers Should Do

Citrix has released a new version of the License Server for Windows and License Server VPX to address this vulnerability:

  • Citrix License Server for Windows version 11.14.0.1 and later
  • Citrix License Server VPX version 11.14.0.1 and later

These new versions can be obtained from the Citrix website at the following address:

https://www.citrix.com/downloads/licensing.html

Citrix recommends that all customers upgrade to these new versions.

Acknowledgements

Citrix thanks Jim Carreer and Nicholas Miles of Tenable Network Security (https://www.tenable.com) for working with us to protect Citrix customers.

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.html

Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix