CVE-2020-8283
moderate-risk
Published 2020-12-14
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
Do I need to act?
-
0.37% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (12)
Virtual Apps And Desktops
Virtual Apps And Desktops
Xenapp
Xenapp
Xenapp
Xenapp
Xenapp
Xendesktop
Xendesktop
Xendesktop
Xendesktop
Xendesktop
Affected Vendors
References (2)
Vendor Advisory
https://support.citrix.com/article/CTX285059
Vendor Advisory
https://support.citrix.com/article/CTX285059
48
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
1/34 · Minimal
Exposure
17/34 · Moderate