ID

VAR-201610-0019


CVE

CVE-2016-6273


TITLE

Citrix License Server for Windows and License Server VPX Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-09525 // CNNVD: CNNVD-201610-152

DESCRIPTION

The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode. Citrix License Server for Windows and License Server VPX are products of Citrix Systems. The former is a Windows-based authentication server, and the latter is an authentication server device. Citrix License Server for Windows versions prior to 11.14.0.1 and License Server VPX versions prior to 11.14.0.1 are affected. A remote attacker could exploit the vulnerability to cause a denial of service (server crash).

Trust: 2.61

sources: NVD: CVE-2016-6273 // JVNDB: JVNDB-2016-005187 // CNVD: CNVD-2016-09525 // BID: 93450 // IVD: f16d7b84-244a-4fb0-84fb-068e7ca78df7

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: f16d7b84-244a-4fb0-84fb-068e7ca78df7 // CNVD: CNVD-2016-09525

AFFECTED PRODUCTS

vendor: citrix, model: license server vpx, scope: lt, version: 11.14.0.1

Trust: 1.4

vendor: citrix, model: license server vpx, scope: lte, version: 11.14.0.0

Trust: 1.0

vendor: citrix, model: license server, scope: lte, version: 11.14.0.0

Trust: 1.0

vendor: citrix, model: license server, scope: lt, version: for windows 11.14.0.1

Trust: 0.8

vendor: citrix, model: license server for windows, scope: lt, version: 11.14.0.1

Trust: 0.6

vendor: citrix, model: license server vpx, scope: eq, version: 11.14.0.0

Trust: 0.6

vendor: citrix, model: license server, scope: eq, version: 11.14.0.0

Trust: 0.6

vendor: citrix, model: license server vpx, scope: eq, version: 11.9

Trust: 0.3

vendor: citrix, model: license server vpx, scope: eq, version: 11.6

Trust: 0.3

vendor: citrix, model: license server vpx, scope: eq, version: 11.5

Trust: 0.3

vendor: citrix, model: license server vpx, scope: eq, version: 11.13.1.2

Trust: 0.3

vendor: citrix, model: license server vpx, scope: eq, version: 11.12

Trust: 0.3

vendor: citrix, model: license server vpx, scope: eq, version: 11.11

Trust: 0.3

vendor: citrix, model: license server vpx, scope: eq, version: 11.10

Trust: 0.3

vendor: citrix, model: license server for windows, scope: eq, version: 11.11.1

Trust: 0.3

vendor: citrix, model: license server for windows, scope: eq, version: 11.9

Trust: 0.3

vendor: citrix, model: license server for windows, scope: eq, version: 11.6

Trust: 0.3

vendor: citrix, model: license server for windows, scope: eq, version: 11.5

Trust: 0.3

vendor: citrix, model: license server for windows, scope: eq, version: 11.13.1.2

Trust: 0.3

vendor: citrix, model: license server for windows, scope: eq, version: 11.12

Trust: 0.3

vendor: citrix, model: license server for windows, scope: eq, version: 11.11

Trust: 0.3

vendor: citrix, model: license server for windows, scope: eq, version: 11.10

Trust: 0.3

vendor: citrix, model: license server vpx, scope: ne, version: 11.14.0.1

Trust: 0.3

vendor: citrix, model: license server for windows, scope: ne, version: 11.14.0.1

Trust: 0.3

vendor: license server, model: -, scope: eq, version: *

Trust: 0.2

vendor: license server vpx, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: f16d7b84-244a-4fb0-84fb-068e7ca78df7 // CNVD: CNVD-2016-09525 // BID: 93450 // JVNDB: JVNDB-2016-005187 // CNNVD: CNNVD-201610-152 // NVD: CVE-2016-6273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6273
value: HIGH

Trust: 1.0

NVD: CVE-2016-6273
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-09525
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201610-152
value: MEDIUM

Trust: 0.6

IVD: f16d7b84-244a-4fb0-84fb-068e7ca78df7
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2016-6273
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-09525
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f16d7b84-244a-4fb0-84fb-068e7ca78df7
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2016-6273
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: f16d7b84-244a-4fb0-84fb-068e7ca78df7 // CNVD: CNVD-2016-09525 // JVNDB: JVNDB-2016-005187 // CNNVD: CNNVD-201610-152 // NVD: CVE-2016-6273

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2016-6273

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-152

TYPE

other

Trust: 0.8

sources: IVD: f16d7b84-244a-4fb0-84fb-068e7ca78df7 // CNNVD: CNNVD-201610-152

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005187

PATCH

title: License Server - Version 11.14.0.1, url: https://www.citrix.co.jp/downloads/licensing/license-server.html

Trust: 0.8

title: CTX217430, url: http://support.citrix.com/article/CTX217430

Trust: 0.8

title: [R2] Citrix License Server / Flexera FlexNet Publisher lmadmin.exe 2F Packet Handling Remote DoS, url: https://www.tenable.com/security/research/tra-2016-29

Trust: 0.8

title: Patch for Citrix License Server for Windows and License Server VPX Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/82643

Trust: 0.6

title: Citrix License Server for Windows and License Server VPX Remediation measures for denial of service vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64557

Trust: 0.6

sources: CNVD: CNVD-2016-09525 // JVNDB: JVNDB-2016-005187 // CNNVD: CNNVD-201610-152

EXTERNAL IDS

db: NVD, id: CVE-2016-6273

Trust: 3.5

db: TENABLE, id: TRA-2016-29

Trust: 1.6

db: BID, id: 93450

Trust: 1.3

db: SECTRACK, id: 1037008

Trust: 1.0

db: CNVD, id: CNVD-2016-09525

Trust: 0.8

db: CNNVD, id: CNNVD-201610-152

Trust: 0.8

db: JVNDB, id: JVNDB-2016-005187

Trust: 0.8

db: IVD, id: F16D7B84-244A-4FB0-84FB-068E7CA78DF7

Trust: 0.2

sources: IVD: f16d7b84-244a-4fb0-84fb-068e7ca78df7 // CNVD: CNVD-2016-09525 // BID: 93450 // JVNDB: JVNDB-2016-005187 // CNNVD: CNNVD-201610-152 // NVD: CVE-2016-6273

REFERENCES

url:http://support.citrix.com/article/ctx217430

Trust: 1.9

url:https://www.tenable.com/security/research/tra-2016-29

Trust: 1.6

url:http://www.securitytracker.com/id/1037008

Trust: 1.0

url:http://www.securityfocus.com/bid/93450

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6273

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6273

Trust: 0.8

url:http://www.citrix.com/

Trust: 0.3

sources: CNVD: CNVD-2016-09525 // BID: 93450 // JVNDB: JVNDB-2016-005187 // CNNVD: CNNVD-201610-152 // NVD: CVE-2016-6273

CREDITS

Jim Carreer and Nicholas Miles of Tenable Network Security.

Trust: 0.3

sources: BID: 93450

SOURCES

db: IVD, id: f16d7b84-244a-4fb0-84fb-068e7ca78df7
db: CNVD, id: CNVD-2016-09525
db: BID, id: 93450
db: JVNDB, id: JVNDB-2016-005187
db: CNNVD, id: CNNVD-201610-152
db: NVD, id: CVE-2016-6273

LAST UPDATE DATE

2025-04-13T23:22:20.065000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-09525, date: 2016-10-20T00:00:00
db: BID, id: 93450, date: 2016-10-10T03:06:00
db: JVNDB, id: JVNDB-2016-005187, date: 2016-10-13T00:00:00
db: CNNVD, id: CNNVD-201610-152, date: 2016-10-21T00:00:00
db: NVD, id: CVE-2016-6273, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD, id: f16d7b84-244a-4fb0-84fb-068e7ca78df7, date: 2016-10-20T00:00:00
db: CNVD, id: CNVD-2016-09525, date: 2016-10-20T00:00:00
db: BID, id: 93450, date: 2016-10-06T00:00:00
db: JVNDB, id: JVNDB-2016-005187, date: 2016-10-13T00:00:00
db: CNNVD, id: CNNVD-201610-152, date: 2016-10-11T00:00:00
db: NVD, id: CVE-2016-6273, date: 2016-10-07T14:59:05.020