CVE-2020-8283

Published: Dec 14, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.

Affected (14)

Products: Citrix: Virtual Apps And Desktops, Xenapp, Xendesktop

Citrix

3 products

Virtual Apps And Desktops

Xenapp

Xendesktop

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Citrix Virtual Apps And Desktops	Up to 2006
Citrix Virtual Apps And Desktops	From 1903 to 1912
Citrix Xenapp	Before 7.6
Citrix Xenapp	From 7.7 to 7.15
Citrix Xenapp	Version 7.15
Citrix Xenapp	Version 7.15 cu6
Citrix Xenapp	Version 7.6
Citrix Xenapp	Version 7.6 cu8
Citrix Xendesktop	Before 7.6
Citrix Xendesktop	From 7.7 to 7.15
Citrix Xendesktop	Version 7.15
Citrix Xendesktop	Version 7.15 cu6
Citrix Xendesktop	Version 7.6
Citrix Xendesktop	Version 7.6 cu8

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://support.citrix.com/article/CTX285059

Source: support@hackerone.com

Vendor Advisory

https://support.citrix.com/article/CTX285059

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.