CVE-2020-8270

An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342

Published: Nov 16, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-8270
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
citrix / virtual_apps_and_desktops	1903	1912.x
citrix / virtual_apps_and_desktops	-	2006.x

https://support.citrix.com/article/CTX285059

Vulnerability Database

290,301

CVE-2020-8270