VAR-201610-0019
Vulnerability from variot - Updated: 2025-04-13 23:22The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode. Citrix License Server for Windows and License Server VPX are products of Citrix Systems. The former is a Windows-based authentication server, and the latter is an authentication server device. There are security vulnerabilities in versions of Citrix License Server for Windows prior to 11.14.0.1 and versions prior to License Server VPX 11.14.0.1. A remote attacker could exploit the vulnerability to cause a denial of service (server crash)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0019",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "license server vpx",
"scope": "lt",
"trust": 1.4,
"vendor": "citrix",
"version": "11.14.0.1"
},
{
"model": "license server vpx",
"scope": "lte",
"trust": 1.0,
"vendor": "citrix",
"version": "11.14.0.0"
},
{
"model": "license server",
"scope": "lte",
"trust": 1.0,
"vendor": "citrix",
"version": "11.14.0.0"
},
{
"model": "license server",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "for windows 11.14.0.1"
},
{
"model": "license server for windows",
"scope": "lt",
"trust": 0.6,
"vendor": "citrix",
"version": "11.14.0.1"
},
{
"model": "license server vpx",
"scope": "eq",
"trust": 0.6,
"vendor": "citrix",
"version": "11.14.0.0"
},
{
"model": "license server",
"scope": "eq",
"trust": 0.6,
"vendor": "citrix",
"version": "11.14.0.0"
},
{
"model": "license server vpx",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "11.9"
},
{
"model": "license server vpx",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "11.6"
},
{
"model": "license server vpx",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "11.5"
},
{
"model": "license server vpx",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "11.13.1.2"
},
{
"model": "license server vpx",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "11.12"
},
{
"model": "license server vpx",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "11.11"
},
{
"model": "license server vpx",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "11.10"
},
{
"model": "license server for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "11.11.1"
},
{
"model": "license server for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "11.9"
},
{
"model": "license server for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "11.6"
},
{
"model": "license server for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "11.5"
},
{
"model": "license server for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "11.13.1.2"
},
{
"model": "license server for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "11.12"
},
{
"model": "license server for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "11.11"
},
{
"model": "license server for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "11.10"
},
{
"model": "license server vpx",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "11.14.0.1"
},
{
"model": "license server for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "11.14.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "license server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "license server vpx",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
},
{
"db": "CNVD",
"id": "CNVD-2016-09525"
},
{
"db": "BID",
"id": "93450"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005187"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-152"
},
{
"db": "NVD",
"id": "CVE-2016-6273"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:citrix:license_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:citrix:license_server_vpx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005187"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jim Carreer and Nicholas Miles of Tenable Network Security.",
"sources": [
{
"db": "BID",
"id": "93450"
}
],
"trust": 0.3
},
"cve": "CVE-2016-6273",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6273",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-09525",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6273",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6273",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-6273",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-09525",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-152",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
},
{
"db": "CNVD",
"id": "CNVD-2016-09525"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005187"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-152"
},
{
"db": "NVD",
"id": "CVE-2016-6273"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a \u002701 19\u0027 opcode. Citrix License Server for Windows and License Server VPX are products of Citrix Systems. The former is a Windows-based authentication server, and the latter is an authentication server device. There are security vulnerabilities in versions of Citrix License Server for Windows prior to 11.14.0.1 and versions prior to License Server VPX 11.14.0.1. A remote attacker could exploit the vulnerability to cause a denial of service (server crash)",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6273"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005187"
},
{
"db": "CNVD",
"id": "CNVD-2016-09525"
},
{
"db": "BID",
"id": "93450"
},
{
"db": "IVD",
"id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6273",
"trust": 3.5
},
{
"db": "TENABLE",
"id": "TRA-2016-29",
"trust": 1.6
},
{
"db": "BID",
"id": "93450",
"trust": 1.3
},
{
"db": "SECTRACK",
"id": "1037008",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2016-09525",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-152",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005187",
"trust": 0.8
},
{
"db": "IVD",
"id": "F16D7B84-244A-4FB0-84FB-068E7CA78DF7",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
},
{
"db": "CNVD",
"id": "CNVD-2016-09525"
},
{
"db": "BID",
"id": "93450"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005187"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-152"
},
{
"db": "NVD",
"id": "CVE-2016-6273"
}
]
},
"id": "VAR-201610-0019",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
},
{
"db": "CNVD",
"id": "CNVD-2016-09525"
}
],
"trust": 1.271001215
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
},
{
"db": "CNVD",
"id": "CNVD-2016-09525"
}
]
},
"last_update_date": "2025-04-13T23:22:20.065000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "License Server - Version 11.14.0.1",
"trust": 0.8,
"url": "https://www.citrix.co.jp/downloads/licensing/license-server.html"
},
{
"title": "CTX217430",
"trust": 0.8,
"url": "http://support.citrix.com/article/CTX217430"
},
{
"title": "[R2] Citrix License Server / Flexera FlexNet Publisher lmadmin.exe 2F Packet Handling Remote DoS",
"trust": 0.8,
"url": "https://www.tenable.com/security/research/tra-2016-29"
},
{
"title": "Patch for Citrix License Server for Windows and License Server VPX Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/82643"
},
{
"title": "Citrix License Server for Windows and License Server VPX Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64557"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09525"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005187"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-152"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6273"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://support.citrix.com/article/ctx217430"
},
{
"trust": 1.6,
"url": "https://www.tenable.com/security/research/tra-2016-29"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1037008"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/93450"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6273"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6273"
},
{
"trust": 0.3,
"url": "http://www.citrix.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09525"
},
{
"db": "BID",
"id": "93450"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005187"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-152"
},
{
"db": "NVD",
"id": "CVE-2016-6273"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
},
{
"db": "CNVD",
"id": "CNVD-2016-09525"
},
{
"db": "BID",
"id": "93450"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005187"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-152"
},
{
"db": "NVD",
"id": "CVE-2016-6273"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-20T00:00:00",
"db": "IVD",
"id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
},
{
"date": "2016-10-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09525"
},
{
"date": "2016-10-06T00:00:00",
"db": "BID",
"id": "93450"
},
{
"date": "2016-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005187"
},
{
"date": "2016-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-152"
},
{
"date": "2016-10-07T14:59:05.020000",
"db": "NVD",
"id": "CVE-2016-6273"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09525"
},
{
"date": "2016-10-10T03:06:00",
"db": "BID",
"id": "93450"
},
{
"date": "2016-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005187"
},
{
"date": "2016-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-152"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-6273"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-152"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Citrix License Server for Windows and License Server VPX Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09525"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-152"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-152"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…