1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability

Known Exploited Vulnerabilities CVE-2019-13608 Mappings

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2019-13608 Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability secondary_impact T1003 OS Credential Dumping
Comments
CVE-2019-13608 is a an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.
References
  1. https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/
  2. https://threatpost.com/nefilim-ransomware-ghost-account/163341/
CVE-2019-13608 Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability secondary_impact T1078 Valid Accounts
Comments
CVE-2019-13608 is a an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.
References
  1. https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/
  2. https://threatpost.com/nefilim-ransomware-ghost-account/163341/
CVE-2019-13608 Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability secondary_impact T1046 Network Service Discovery
Comments
CVE-2019-13608 is a an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.
References
  1. https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/
  2. https://threatpost.com/nefilim-ransomware-ghost-account/163341/
CVE-2019-13608 Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability secondary_impact T1005 Data from Local System
Comments
CVE-2019-13608 is a an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.
References
  1. https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/
  2. https://threatpost.com/nefilim-ransomware-ghost-account/163341/
CVE-2019-13608 Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2019-13608 is a an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.
References
  1. https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/
  2. https://threatpost.com/nefilim-ransomware-ghost-account/163341/