Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8283

An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.

Published

2020-12-14T20:15:13.840

Last Modified

2024-11-21T05:38:39.090

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-269
Type: Primary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	citrix	virtual_apps_and_desktops	≤ 2006	Yes
Application	citrix	virtual_apps_and_desktops	≤ 1912	Yes
Application	citrix	xenapp	< 7.6	Yes
Application	citrix	xenapp	< 7.15	Yes
Application	citrix	xenapp	7.6	Yes
Application	citrix	xenapp	7.6	Yes
Application	citrix	xenapp	7.15	Yes
Application	citrix	xenapp	7.15	Yes
Application	citrix	xendesktop	< 7.6	Yes
Application	citrix	xendesktop	< 7.15	Yes
Application	citrix	xendesktop	7.6	Yes
Application	citrix	xendesktop	7.6	Yes
Application	citrix	xendesktop	7.15	Yes
Application	citrix	xendesktop	7.15	Yes

References

https://support.citrix.com/article/CTX285059 Vendor Advisory ([email protected])
https://support.citrix.com/article/CTX285059 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)