PT-2020-6863 · Citrix+1 · Citrix Virtual Apps/Desktops+1

Published: 2020-11-10
Updated: 2020-12-17

CVE-2020-8283

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Citrix Virtual Apps and Desktops (CVAD) versions prior to 2009
Citrix Virtual Apps and Desktops (CVAD) version 1912 LTSR CU1
Citrix Virtual Apps and Desktops (CVAD) version 7.15 LTSR CU6
Citrix Virtual Apps and Desktops (CVAD) version 7.6 LTSR CU9

Description

The issue is related to insufficient access control in the Universal Print Server (UPS) of Citrix Virtual Apps and Desktops (CVAD) on Windows operating systems. Exploitation of this issue can allow a remote attacker to elevate privileges and execute arbitrary commands.

Recommendations

For CVAD versions prior to 2009, apply the necessary hotfixes to resolve the issue.
For CVAD version 1912 LTSR CU1, apply hotfixes CTX285870 and CTX286120.
For CVAD version 7.15 LTSR CU6, apply hotfix CTX285344.
For CVAD version 7.6 LTSR CU9, update to a newer version that includes the necessary security fixes.

Fix

Weakness Enumeration

Improper Privilege Management
OS Command Injection

Related Identifiers

BDU:2023-02351
CVE-2020-8283

Affected Products

Citrix Virtual Apps/Desktops
Windows