Vulnerability Description
Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2003 Server | All versions |
| Citrix | Presentation Server | <= 4.5 |
| Citrix | Access Essentials | <= 2.0 |
| Citrix | Desktop Server | 1.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30271Vendor Advisory
- http://support.citrix.com/article/CTX114893Patch
- http://www.securityfocus.com/bid/29233
- http://www.securitytracker.com/id?1020026Patch
- http://www.vupen.com/english/advisories/2008/1531/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42444
- http://secunia.com/advisories/30271Vendor Advisory
- http://support.citrix.com/article/CTX114893Patch
- http://www.securityfocus.com/bid/29233
- http://www.securitytracker.com/id?1020026Patch
- http://www.vupen.com/english/advisories/2008/1531/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42444
FAQ
What is CVE-2008-2299?
CVE-2008-2299 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker...
How severe is CVE-2008-2299?
CVE-2008-2299 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2299?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2003 Server, Citrix Presentation Server, Citrix Access Essentials, Citrix Desktop Server.