CVE-2016-9111

Name: CVE-2016-9111
Creator: NVD / NIST
Published: 2016-11-07T11:59:00.207+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.78%

Last modified Jun 17, 2026

CVE-2016-9111 is a vulnerability of currently unknown severity. Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. EPSS estimates a 1.78% chance of exploitation in the next 30 days.

Description

Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us."

Metrics

EPSS Probability

1.78%

75.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Citrix	Receiver Desktop	4.5

References

http://www.securityfocus.com/bid/94229Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037176
https://packetstormsecurity.com/files/139493/Citrix-Receiver-Receiver-Desktop-Lock-4.5-Authentication-Bypass.htmlExploit, Third Party Advisory, VDB Entry
https://vuldb.com/?id.93250Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/40686/Exploit, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/94229Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037176
https://packetstormsecurity.com/files/139493/Citrix-Receiver-Receiver-Desktop-Lock-4.5-Authentication-Bypass.htmlExploit, Third Party Advisory, VDB Entry
https://vuldb.com/?id.93250Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/40686/Exploit, Third Party Advisory, VDB Entry

Timeline

Published: Nov 7, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-9111?

How severe is CVE-2016-9111?

Severity scoring for CVE-2016-9111 is pending analysis. The EPSS model estimates a 1.78% probability of exploitation in the next 30 days.

How do I fix CVE-2016-9111?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-9111?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST