Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-6273

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Oct, 2016 | 14:00
Updated At-06 Aug, 2024 | 01:22
Rejected At-
Credits

The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Oct, 2016 | 14:00
Updated At:06 Aug, 2024 | 01:22
Rejected At:
▼CVE Numbering Authority (CNA)

The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.tenable.com/security/research/tra-2016-29
x_refsource_MISC
http://www.securitytracker.com/id/1037008
vdb-entry
x_refsource_SECTRACK
http://support.citrix.com/article/CTX217430
x_refsource_CONFIRM
http://www.securityfocus.com/bid/93450
vdb-entry
x_refsource_BID
Hyperlink: https://www.tenable.com/security/research/tra-2016-29
Resource:
x_refsource_MISC
Hyperlink: http://www.securitytracker.com/id/1037008
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://support.citrix.com/article/CTX217430
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/93450
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.tenable.com/security/research/tra-2016-29
x_refsource_MISC
x_transferred
http://www.securitytracker.com/id/1037008
vdb-entry
x_refsource_SECTRACK
x_transferred
http://support.citrix.com/article/CTX217430
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/93450
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.tenable.com/security/research/tra-2016-29
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securitytracker.com/id/1037008
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://support.citrix.com/article/CTX217430
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/93450
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:07 Oct, 2016 | 14:59
Updated At:12 Apr, 2025 | 10:46

The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Citrix (Cloud Software Group, Inc.)
citrix
>>license_server>>Versions up to 11.14.0.0(inclusive)
cpe:2.3:a:citrix:license_server:*:*:*:*:*:windows:*:*
Citrix (Cloud Software Group, Inc.)
citrix
>>license_server_vpx>>Versions up to 11.14.0.0(inclusive)
cpe:2.3:a:citrix:license_server_vpx:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://support.citrix.com/article/CTX217430cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/93450cve@mitre.org
N/A
http://www.securitytracker.com/id/1037008cve@mitre.org
N/A
https://www.tenable.com/security/research/tra-2016-29cve@mitre.org
N/A
http://support.citrix.com/article/CTX217430af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/93450af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1037008af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.tenable.com/security/research/tra-2016-29af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://support.citrix.com/article/CTX217430
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/93450
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1037008
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.tenable.com/security/research/tra-2016-29
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.citrix.com/article/CTX217430
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/93450
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1037008
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.tenable.com/security/research/tra-2016-29
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

12Records found
CVE-2001-0716
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.11% / 77.20%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-metaframen/a
CVE-2009-2214
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.77% / 81.91%
||
7 Day CHG~0.00%
Published-25 Jun, 2009 | 21:00
Updated-07 Aug, 2024 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-secure_gatewayn/a
CWE ID-CWE-399
Not Available
CVE-2015-7704
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-53.09% / 97.87%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxRed Hat, Inc.Citrix (Cloud Software Group, Inc.)McAfee, LLCNetApp, Inc.
Product-oncommand_unified_manageroncommand_performance_managerenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_workstationclustered_data_ontapxenserverenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_security_managerntpdata_ontapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22919
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.01%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 20:16
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-mpx_15100-50g_fipsmpx\/sdx_14030_fipsmpx_15060-50g_fips5000-wonetscaler_gatewayapplication_delivery_controllergatewaympx_15120-50g_fipsmpx_8910_fipsmpx_15030-50g_fips4000-wompx_8920_fipsmpx\/sdx_14080_fipsmpx_15040-50g_fips4100-wompx_15080-50g_fipsmpx\/sdx_14060_fipssd-wan_wanop5100-woapplication_delivery_controller_firmwarempx_8905_fipsCitrix ADC, Citrix Gateway, Citrix SD-WAN WANOP
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2013-6938
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-10 Mar, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Service VM in Citrix NetScaler SDX 9.3 before 9.3-64.4 and 10.0 before 10.0-77.5 and Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to the "Virtual Machine Daemon."

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-netscaler_application_delivery_controller_firmwaren/a
CVE-2013-6939
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.56% / 67.12%
||
7 Day CHG~0.00%
Published-10 Mar, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to "RADIUS authentication."

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-netscaler_application_delivery_controller_firmwaren/a
CVE-2020-8187
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.62% / 69.19%
||
7 Day CHG~0.00%
Published-10 Jul, 2020 | 15:35
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-application_delivery_controllernetscaler_gateway_firmwarenetscaler_gatewayapplication_delivery_controller_firmwareCitrix ADC, Citrix Gateway
CWE ID-CWE-20
Improper Input Validation
CVE-2007-3625
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.77% / 81.91%
||
7 Day CHG~0.00%
Published-09 Jul, 2007 | 16:00
Updated-07 Aug, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-metaframe_presentation_servern/a
CVE-2006-5861
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.86% / 90.98%
||
7 Day CHG~0.00%
Published-10 Nov, 2006 | 23:00
Updated-07 Aug, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-metaframe_presentation_servermetaframen/a
CVE-2022-27512
Matching Score-8
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Citrix Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.29%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 18:53
Updated-16 Sep, 2024 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Temporary disruption of the ADM license service

Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)
Product-application_delivery_managementCitrix Application Delivery Management (Citrix ADM)
CWE ID-CWE-664
Improper Control of a Resource Through its Lifetime
CWE ID-CWE-416
Use After Free
CVE-2020-8246
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.23%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 20:12
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-application_delivery_controllernetscaler_gatewaysd-wan_wanopapplication_delivery_controller_firmwaregatewayCitrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-12044
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.70%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 15:29
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-netscaler_application_delivery_controllernetscaler_application_delivery_controller_firmwarenetscaler_gateway_firmwarenetscaler_gatewayn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Details not found