Vigil@nce: XenServer, execution of functions of XAPI
February 2010 by Vigil@nce
An unauthenticated attacker can call some functions of XAPI.
– Severity: 2/4
– Consequences: privileged access/rights, user access/rights
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 04/02/2010
IMPACTED PRODUCTS
– Citrix XenServer
DESCRIPTION OF THE VULNERABILITY
The Xen API (XAPI) library provides functions to manage virtual
machines.
An unauthenticated attacker can call some functions of XAPI.
Technical details are unknown.
An attacker may thus, for example, execute code or alter virtual
machines.
CHARACTERISTICS
– Identifiers: BID-38052, CTX123456, VIGILANCE-VUL-9407
– URL: http://vigilance.fr/vulnerability/XenServer-execution-of-functions-of-XAPI-9407