CVE-2020-8283

Published Dec 14, 2020

Last updated 4 years ago

CVSS high 8.8

Overview

Description: An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
Source: support@hackerone.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-269
support@hackerone.com: CWE-269

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D9D1D8B-8C9A-4CF7-8CCD-2CFDA4AB5970",
            "versionEndIncluding": "2006"
          },
          {
            "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "799D10F0-247F-4BD2-9DA1-D37B043001C8",
            "versionEndIncluding": "1912",
            "versionStartIncluding": "1903"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:*:*:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DDB23637-BC09-4914-A028-AA01CB01F24D",
            "versionEndExcluding": "7.6"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:*:*:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0FFFD24-0C7B-4D8D-A786-9469D7DA0C35",
            "versionEndExcluding": "7.15",
            "versionStartIncluding": "7.7"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:7.6:-:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A2B7A20-48C6-405C-99C8-06D0F4FE5910"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:7.6:cu8:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6246BB4D-CDB3-4A4B-940D-93293B6C417A"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:7.15:-:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39D97CED-69C7-4762-85E9-978813DB3392"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:7.15:cu6:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A10B5EA-EC14-47ED-ADBB-D975C6B07BE3"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31BF23CF-C7C3-4A61-B52B-964E14EE224A",
            "versionEndExcluding": "7.6"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D2866E0-EB16-42AC-8C7F-7C52FDF88B9B",
            "versionEndExcluding": "7.15",
            "versionStartIncluding": "7.7"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:-:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF2F2C5D-D5AD-4E22-B182-67A4C0C90F0C"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:cu8:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CAEBBB5-DC51-4718-AC6C-152F7ADE19C1"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:-:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AFF8323-A381-481F-9BE2-F9027D942851"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:cu6:*:*:ltsr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A2A6CF3-F554-44C9-965E-FEAEDDE44D95"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References