CVE-2020-8269

An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9

Published: Nov 16, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-8269
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
citrix / xendesktop	7.6-cu8	7.6-cu8.x
citrix / xendesktop	7.6	7.6.x
citrix / xendesktop	7.15-cu6	7.15-cu6.x
citrix / xendesktop	7.15	7.15.x
citrix / xendesktop	-	7.6
citrix / xendesktop	7.7	7.15
citrix / xenapp	7.6-cu8	7.6-cu8.x
citrix / xenapp	7.6	7.6.x
citrix / xenapp	-	7.6
citrix / xenapp	7.15-cu6	7.15-cu6.x
citrix / xenapp	7.15	7.15.x
citrix / xenapp	7.7	7.15
citrix / virtual_apps_and_desktops	1903	1912.x
citrix / virtual_apps_and_desktops	-	2006.x

https://support.citrix.com/article/CTX285059

Vulnerability Database

290,301

CVE-2020-8269