CVE-2020-8283

An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.

Data is provided by the National Vulnerability Database (NVD)
Citrix Virtual Apps And Desktops, SwEdition -, Version <= 2006
Citrix Virtual Apps And Desktops, SwEdition ltsr, Version >= 1903 <= 1912
Citrix Xenapp, SwEdition ltsr, Version < 7.6
Citrix Xenapp, SwEdition ltsr, Version >= 7.7 < 7.15
Citrix Xenapp, Version 7.6, Update -, SwEdition ltsr
Citrix Xenapp, Version 7.6, Update cu8, SwEdition ltsr
Citrix Xenapp, Version 7.15, Update -, SwEdition ltsr
Citrix Xenapp, Version 7.15, Update cu6, SwEdition ltsr
Citrix Xendesktop, SwEdition ltsr, Version < 7.6
Citrix Xendesktop, SwEdition ltsr, Version >= 7.7 < 7.15
Citrix Xendesktop, Version 7.6, Update -, SwEdition ltsr
Citrix Xendesktop, Version 7.6, Update cu8, SwEdition ltsr
Citrix Xendesktop, Version 7.15, Update -, SwEdition ltsr
Citrix Xendesktop, Version 7.15, Update cu6, SwEdition ltsr
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.37% 0.557
CVSS Metrics
Source, Base Score, Exploit Score, Impact Score, Vector string
nvd@nist.gov, 8.8, 2.8, 5.9, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov, 9, 8, 10, AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.