Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8270

An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342

Published

2020-11-16T01:15:13.687

Last Modified

2024-11-21T05:38:37.610

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-78
Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	citrix	virtual_apps_and_desktops	≤ 2006	Yes
Application	citrix	virtual_apps_and_desktops	≤ 1912	Yes

References

https://support.citrix.com/article/CTX285059 Patch, Vendor Advisory ([email protected])
https://support.citrix.com/article/CTX285059 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)