First published: Mon Dec 14 2020
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Citrix Virtual Apps and Desktops | <=2006 | |
Citrix Virtual Apps and Desktops | >=1903<=1912 | |
Citrix XenApp | <7.6 | |
Citrix XenApp | >=7.7<7.15 | |
Citrix XenApp | =7.6 | |
Citrix XenApp | =7.6-cu8 | |
Citrix XenApp | =7.15 | |
Citrix XenApp | =7.15-cu6 | |
Citrix XenDesktop | <7.6 | |
Citrix XenDesktop | >=7.7<7.15 | |
Citrix XenDesktop | =7.6 | |
Citrix XenDesktop | =7.6-cu8 | |
Citrix XenDesktop | =7.15 | |
Citrix XenDesktop | =7.15-cu6 | |
CVE-2020-8283 refers to a vulnerability in Citrix Universal Print Server that allows an authorized user to perform arbitrary command execution as SYSTEM.
CVE-2020-8283 affects Citrix Virtual Apps and Desktops versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344, and 7.6 LTSR CU9.
CVE-2020-8283 has a severity rating of critical (8.8).
An authorized user can exploit CVE-2020-8283 by performing arbitrary command execution as SYSTEM on a Windows host running Citrix Universal Print Server.
Yes, Citrix has released hotfixes and updates to address the vulnerability. It is recommended to update to the latest patched version.