This article is for vSpace Pro users who may be at risk from the Traversal Vulnerability in the Health Monitoring service.
- This CVE does NOT affect our RX-HDX / CITRIX Platform devices.
CVE-2018-10201 – NComputing vSpace Pro Directory Traversal Vulnerability
This vulnerability has been fixed.
A vulnerability has been detected in vSpace Pro software versions that allowed malicious users to read arbitrary files outside the root directory of the web server.
This vulnerability could be exploited remotely by a crafted URL without credentials.
An attacker may then make use of this vulnerability to step out of the root directory and access other parts of the file system. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.
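For administrators who want to review web access logs for requests that tried to step out of the root directory, the following is an added example, not NComputing code. It assumes a Common Log Format access log; the log format, sample lines, addresses and file names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: Common Log Format lines; adjust the regex to your log source.
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input such as %252e is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_root(target):
    """Return True if the decoded request path climbs above the web root."""
    # Only the path is inspected here; query strings are out of scope.
    path = fully_decode(target.partition("?")[0]).replace("\\", "/")
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:  # one more ".." than directories entered
                return True
        else:
            depth += 1
    return False

def find_traversal(log_lines):
    """Return (client, request target) for every request that leaves the root."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if match and escapes_root(match.group(2)):
            hits.append((match.group(1), match.group(2)))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder file name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /css/../index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /../../outside.txt HTTP/1.1" 200 92',
    '198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /%2e%2e%5c%2e%2e%5coutside.txt HTTP/1.1" 200 92',
    '198.51.100.8 - - [01/Jan/2024:10:00:04 +0000] "GET /img/%252e%252e/%252e%252e/outside.txt HTTP/1.1" 404 0',
]
```

A hit with a 200 status is the case to investigate first, since it suggests a file outside the root was actually returned.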
A patch has been applied to vSpace Pro 11 version 11.1.1 to eliminate this issue.
All users are advised to take security threats seriously and to ensure that they are running a version of vSpace Pro 11 that is equal to or greater than the version mentioned in this article.
For vSpace Pro 10, please see the attached step-by-step instructions to apply the patch to your vSpace Server successfully.
The compressed patch file is also attached.
If you have any questions regarding this procedure or any other NComputing technical needs, feel free to contact NComputing support.
Thank you for your patience with this matter.
NComputing Support Team.