PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5573 Citrix CVE debrief

CVE-2017-5573 describes a task-control issue in Linux Foundation xapi as used by Citrix XenServer through 7.0. According to the CVE record, an authenticated read-only administrator can cancel tasks started by other administrators. The NVD record rates the issue Medium with an integrity-focused impact profile (no confidentiality or availability impact recorded).

Vendor: Citrix
Product: CVE-2017-5573
CVSS: MEDIUM 4.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-30
Original CVE updated: 2026-05-13
Advisory published: 2017-01-30
Advisory updated: 2026-05-13

Who should care

Citrix XenServer administrators, virtualization platform owners, and security teams that delegate read-only administrative roles. Environments that rely on XenServer task queues or multi-admin workflows should review this issue, because the vulnerability allows one authenticated admin role to interfere with another admin’s tasks.

Technical summary

The official CVE description says the issue is in Linux Foundation xapi in Citrix XenServer through 7.0. NVD lists affected CPEs for XenServer 6.0.2, 6.2.0, 6.5, and 7.0. The CVSS v3.0 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N, indicating network reachability, low attack complexity, and high privileges required. The reported effect is an integrity impact only: a read-only administrator can cancel tasks belonging to other administrators.

Defensive priority

Moderate. The issue requires authenticated, high-privilege access, which lowers likelihood, but it can still disrupt administrative operations by allowing unauthorized task cancellation. Prioritize it if you operate XenServer multi-admin environments or use read-only admin accounts.

Recommended defensive actions

  • Review Citrix advisory CTX220112 and the NVD entry for vendor remediation guidance.
  • Inventory XenServer systems and confirm whether any run versions 6.0.2, 6.2.0, 6.5, or 7.0.
  • Limit assignment of read-only administrative accounts to trusted operators and apply least-privilege access controls wherever possible.
  • Monitor XenServer management activity and task logs for unexpected cancellations or admin-initiated task interference.
  • Apply vendor updates or mitigations referenced by Citrix once validated in your environment.
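As an added illustration of the monitoring step above (not code from this page or from Citrix), the following Python snippet correlates task creation and cancellation records and flags the two cases a defender would review: a cancel issued by a read-only role, and a cancel of a task that a different user started. The line layout is a simplified, constructed format; it is not the real xapi audit log format.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample records (simplified; not the real xapi audit.log layout).
SAMPLE_LOG = """\
2017-01-30T10:00:01Z user=alice role=pool-admin action=task.create task=OpaqueRef:task-1
2017-01-30T10:00:05Z user=bob role=read-only action=task.get_all task=-
2017-01-30T10:00:09Z user=bob role=read-only action=task.cancel task=OpaqueRef:task-1
2017-01-30T10:01:00Z user=alice role=pool-admin action=task.cancel task=OpaqueRef:task-2
2017-01-30T10:01:30Z user=carol role=pool-admin action=task.create task=OpaqueRef:task-3
2017-01-30T10:02:00Z user=alice role=pool-admin action=task.cancel task=OpaqueRef:task-3
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"action=(?P<action>\S+) task=(?P<task>\S+)$"
)

def parse(log_text: str) -> List[Dict[str, str]]:
    """Parse the constructed key=value records; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def find_suspicious_cancels(log_text: str) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, user, task, reason) for task.cancel calls worth review:
    a cancel by a read-only role (the behaviour CVE-2017-5573 describes) and a
    cancel of a task created by someone other than the caller."""
    owners: Dict[str, str] = {}
    findings = []
    for ev in parse(log_text):
        if ev["action"] == "task.create":
            owners[ev["task"]] = ev["user"]  # remember who started each task
        elif ev["action"] == "task.cancel":
            owner = owners.get(ev["task"])
            if ev["role"] == "read-only":
                reason = "cancel by read-only role"
            elif owner is None:
                reason = "cancel of task with no recorded creator"
            elif owner != ev["user"]:
                reason = f"cancel of task created by {owner}"
            else:
                continue  # user cancelled their own task: expected behaviour
            findings.append((ev["ts"], ev["user"], ev["task"], reason))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_cancels(SAMPLE_LOG):
        print(*finding)
```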

Evidence notes

This debrief is based only on the supplied CVE/NVD corpus and the referenced official/vendor links. The supplied record states that the issue affects Citrix XenServer through 7.0 and that an authenticated read-only administrator can cancel tasks of other administrators. NVD supplies the affected CPEs, CVSS v3.0 vector, and the weakness classification NVD-CWE-noinfo. No exploit code, proof-of-concept, or vendor advisory text was included in the supplied corpus.

Official resources

CVE published on 2017-01-30. The supplied NVD record was last modified on 2026-05-13. Treat 2017-01-30 as the issue disclosure date for this debrief.