CVE-2020-8269

Published Nov 16, 2020

Last updated 3 months ago

CVSS high 8.8

Overview

Description: An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9
Source: support@hackerone.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

support@hackerone.com: CWE-269
nvd@nist.gov: CWE-269

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D9D1D8B-8C9A-4CF7-8CCD-2CFDA4AB5970",
            "versionEndIncluding": "2006"
          },
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "799D10F0-247F-4BD2-9DA1-D37B043001C8",
            "versionEndIncluding": "1912",
            "versionStartIncluding": "1903"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:*:*:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DDB23637-BC09-4914-A028-AA01CB01F24D",
            "versionEndExcluding": "7.6"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:*:*:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0FFFD24-0C7B-4D8D-A786-9469D7DA0C35",
            "versionEndExcluding": "7.15",
            "versionStartIncluding": "7.7"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:7.6:-:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A2B7A20-48C6-405C-99C8-06D0F4FE5910"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:7.6:cu8:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6246BB4D-CDB3-4A4B-940D-93293B6C417A"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:7.15:-:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39D97CED-69C7-4762-85E9-978813DB3392"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:7.15:cu6:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A10B5EA-EC14-47ED-ADBB-D975C6B07BE3"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31BF23CF-C7C3-4A61-B52B-964E14EE224A",
            "versionEndExcluding": "7.6"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D2866E0-EB16-42AC-8C7F-7C52FDF88B9B",
            "versionEndExcluding": "7.15",
            "versionStartIncluding": "7.7"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:-:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF2F2C5D-D5AD-4E22-B182-67A4C0C90F0C"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:cu8:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CAEBBB5-DC51-4718-AC6C-152F7ADE19C1"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:-:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AFF8323-A381-481F-9BE2-F9027D942851"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:cu6:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A2A6CF3-F554-44C9-965E-FEAEDDE44D95"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References