PatchSiren cyber security CVE debrief
CVE-2017-5572 Citrix CVE debrief
CVE-2017-5572 is a Citrix XenServer issue in the Linux Foundation xapi component that allows an authenticated read-only administrator to corrupt the host database. NVD rates the issue medium severity and lists impacted XenServer versions as 6.0.2, 6.2.0, 6.5, and 7.0. Because the attack requires high privileges, this is not a public, unauthenticated exposure, but it can still threaten host integrity and administrative availability if read-only accounts are broader than intended.
- Vendor: Citrix
- Product: CVE-2017-5572
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-01-30
- Original CVE updated: 2026-05-13
- Advisory published: 2017-01-30
- Advisory updated: 2026-05-13
Who should care
Citrix XenServer operators, virtualization/platform teams, and security teams that manage delegated administrative access should prioritize this issue, especially where read-only roles are used for monitoring, support, or outsourced operations.
Technical summary
The published CVE describes an authorization/privilege issue in xapi on Citrix XenServer through 7.0. According to NVD, the vector is network-reachable but requires high privileges (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). The stated impact is corruption of the host database, which can affect the integrity and reliability of the XenServer management plane. The supplied corpus does not include a full root-cause analysis or patch details from Citrix.
Defensive priority
Medium. Treat as important for integrity and availability, but below issues that are remotely exploitable without authentication or with lower privileges.
Recommended defensive actions
- Identify XenServer hosts running versions 6.0.2, 6.2.0, 6.5, or 7.0 and confirm whether Citrix remediation guidance from CTX220112 has been applied.
- Review all delegated or read-only administrative accounts that can reach xapi-related management functions and ensure permissions are strictly limited to intended monitoring tasks.
- Restrict management-plane access to trusted administrative networks and authenticated users only, with strong account controls for privileged roles.
- Monitor for unexpected host database corruption symptoms, administrative errors, or configuration inconsistencies on affected XenServer systems.
- Track Citrix security updates and apply vendor guidance for this CVE before continuing routine use of impacted builds.
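The first action above is an inventory step: find hosts on an NVD-listed build before reviewing their read-only accounts. The following script is an added example (not part of this debrief or of Citrix's tooling) that parses the output of the XenServer `xe host-list params=name-label,software-version` command and flags hosts whose `product_version` falls on 6.0.2, 6.2.0, 6.5 or 7.0. The sample output is constructed, and the `xe` parameter layout (`name ( RW) : value`, with `software-version` as a `key: value;` map containing `product_version`) is assumed from the xe CLI. Because NVD lists 6.5 and 7.0 without a patch level, the check treats any 6.5.x or 7.0.x build as in scope for review.

```python
import re

# Versions the NVD record lists as affected by CVE-2017-5572 (from the debrief).
AFFECTED_VERSIONS = ("6.0.2", "6.2.0", "6.5", "7.0")

# Constructed sample of `xe host-list params=name-label,software-version` output.
# Host names and platform values are invented; only the layout is assumed from xe.
SAMPLE_XE_OUTPUT = """\
name-label ( RW)    : xs-host-01
software-version (MRO)    : product_version: 7.0.0; product_version_text: 7.0; platform_name: XCP; platform_version: 2.1.0


name-label ( RW)    : xs-host-02
software-version (MRO)    : product_version: 7.1.0; product_version_text: 7.1; platform_name: XCP; platform_version: 2.2.0


name-label ( RW)    : xs-host-03
software-version (MRO)    : product_version: 6.5.0; product_version_text: 6.5; platform_name: XCP; platform_version: 1.9.0
"""

# One xe parameter line: "<name> ( RW)    : <value>" or "<name> (MRO)    : <value>".
PARAM_RE = re.compile(r"^\s*(?P<name>[\w-]+)\s*\(\s*\w+\)\s*:\s*(?P<value>.*)$")


def parse_xe_records(text):
    """Split xe list output into one dict per record; blank lines separate records."""
    records, current = [], {}
    for line in text.splitlines():
        match = PARAM_RE.match(line)
        if match:
            current[match.group("name")] = match.group("value").strip()
        elif not line.strip() and current:
            records.append(current)
            current = {}
    if current:
        records.append(current)
    return records


def parse_software_version(value):
    """Turn 'product_version: 7.0.0; platform_name: XCP' into a dict."""
    out = {}
    for item in value.split(";"):
        if ":" in item:
            key, val = item.split(":", 1)
            out[key.strip()] = val.strip()
    return out


def version_tuple(version):
    """'7.0.0' -> (7, 0, 0); non-numeric components are dropped."""
    return tuple(int(part) for part in version.split(".") if part.isdigit())


def is_affected(product_version, affected=AFFECTED_VERSIONS):
    """True when product_version equals, or is a patch level of, a listed version.

    Prefix comparison on version components: '6.5' covers 6.5.x, while '6.0.2'
    covers only 6.0.2 (and any 6.0.2.x), not 6.0.0 or 6.0.1.
    """
    pv = version_tuple(product_version)
    for candidate in affected:
        ct = version_tuple(candidate)
        if pv[: len(ct)] == ct:
            return True
    return False


def find_affected_hosts(xe_output):
    """Return [(host name, product_version)] for hosts on an NVD-listed build."""
    hits = []
    for record in parse_xe_records(xe_output):
        sw = parse_software_version(record.get("software-version", ""))
        product_version = sw.get("product_version", "")
        if product_version and is_affected(product_version):
            hits.append((record.get("name-label", "<unnamed>"), product_version))
    return sorted(hits)


if __name__ == "__main__":
    # In production, feed the real command output instead of the constructed sample.
    for name, version in find_affected_hosts(SAMPLE_XE_OUTPUT):
        print(f"{name}: XenServer {version} is within the CVE-2017-5572 affected range; "
              f"confirm CTX220112 guidance is applied and review read-only accounts")
```

Hosts flagged here are candidates for the remaining steps in the list: check whether the Citrix guidance referenced as CTX220112 has been applied, then audit which read-only subjects can reach the management plane of those hosts.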
Evidence notes
This debrief is based only on the supplied NVD record and its referenced official/vendor links. The NVD record states the issue affects Citrix XenServer 6.0.2, 6.2.0, 6.5, and 7.0, and that an authenticated read-only administrator can corrupt the host database. The Citrix advisory is referenced in the corpus as CTX220112, but its contents were not provided here.
Official resources
CVE published 2017-01-30. The supplied NVD record was last modified 2026-05-13. This summary does not infer any later issue date from the modification timestamp.