CVE-2020-8269

moderate-risk
Published 2020-11-16

An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9

Do I need to act?

-
0.37% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (12)

Virtual Apps And Desktops
Virtual Apps And Desktops
Xenapp
Xenapp
Xenapp
Xenapp
Xenapp
Xendesktop
Xendesktop
Xendesktop
Xendesktop
Xendesktop

Affected Vendors

Citrix

References (2)

Patch https://support.citrix.com/article/CTX285059
Patch https://support.citrix.com/article/CTX285059
48
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 1/34 · Minimal
Exposure 17/34 · Moderate