What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-8269.

What is the severity level of CVE-2020-8269?

CVE-2020-8269 has a severity level of critical.

Is there a fix available for CVE-2020-8269?

Yes, a fix is available for CVE-2020-8269. Please refer to the official Citrix support article for more information.

Vulnerability/
CVE-2020-8269

critical

CWE

269

16/11/2020

4/8/2024

CVE-2020-8269

Q: Which software versions are affected by CVE-2020-8269?

Citrix Virtual Apps and Desktops versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344, and 7.6 LTSR CU9 are affected.

First published: Mon Nov 16 2020(Updated: )

An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9

Credit: support@hackerone.com

Affected Software	Affected Version	How to fix
Citrix Virtual Apps and Desktops	<=2006
Citrix Virtual Apps and Desktops	>=1903<=1912
Citrix XenApp	<7.6
Citrix XenApp	>=7.7<7.15
Citrix XenApp	=7.6
Citrix XenApp	=7.6-cu8
Citrix XenApp	=7.15
Citrix XenApp	=7.15-cu6
Citrix XenDesktop	<7.6
Citrix XenDesktop	>=7.7<7.15
Citrix XenDesktop	=7.6
Citrix XenDesktop	=7.6-cu8
Citrix XenDesktop	=7.15
Citrix XenDesktop	=7.15-cu6

Remedy

https://support.citrix.com/article/CTX285059

Never miss a vulnerability like this again

Reference Links

https://support.citrix.com/article/CTX285059

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-8269.
What is the severity level of CVE-2020-8269?
CVE-2020-8269 has a severity level of critical.
Which software versions are affected by CVE-2020-8269?
Citrix Virtual Apps and Desktops versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344, and 7.6 LTSR CU9 are affected.
How can an unprivileged Windows user exploit CVE-2020-8269?
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM.
Is there a fix available for CVE-2020-8269?
Yes, a fix is available for CVE-2020-8269. Please refer to the official Citrix support article for more information.

collector/nvd-index
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/severity
agent/author
agent/references
agent/weakness
agent/last-modified-date
agent/first-publish-date
agent/type
agent/event
agent/description
agent/tags
agent/source
vendor/citrix
canonical/citrix virtual apps and desktops
version/citrix virtual apps and desktops/2006
version/citrix virtual apps and desktops/1903
version/citrix virtual apps and desktops/1912
canonical/citrix xenapp
version/citrix xenapp/7.7
version/citrix xenapp/7.6
version/citrix xenapp/7.6-cu8
version/citrix xenapp/7.15
version/citrix xenapp/7.15-cu6
canonical/citrix xendesktop
version/citrix xendesktop/7.7
version/citrix xendesktop/7.6
version/citrix xendesktop/7.6-cu8
version/citrix xendesktop/7.15
version/citrix xendesktop/7.15-cu6

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.