CVE-2020-8283
First published: Mon Dec 14 2020(Updated: )
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix Virtual Apps and Desktops | <=2006 | |
| Citrix Virtual Apps and Desktops | >=1903<=1912 | |
| Citrix | <7.6 | |
| Citrix | >=7.7<7.15 | |
| Citrix | =7.6 | |
| Citrix | =7.6-cu8 | |
| Citrix | =7.15 | |
| Citrix | =7.15-cu6 | |
| Citrix Virtual Apps and Desktops | <7.6 | |
| Citrix Virtual Apps and Desktops | >=7.7<7.15 | |
| Citrix Virtual Apps and Desktops | =7.6 | |
| Citrix Virtual Apps and Desktops | =7.6-cu8 | |
| Citrix Virtual Apps and Desktops | =7.15 | |
| Citrix Virtual Apps and Desktops | =7.15-cu6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-8283?
CVE-2020-8283 refers to a vulnerability in Citrix Universal Print Server that allows an authorized user to perform arbitrary command execution as SYSTEM.
Which versions of Citrix Virtual Apps and Desktops are affected by CVE-2020-8283?
CVE-2020-8283 affects Citrix Virtual Apps and Desktops versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344, and 7.6 LTSR CU9.
What is the severity of CVE-2020-8283?
CVE-2020-8283 has a severity rating of critical (8.8).
How can an authorized user exploit CVE-2020-8283?
An authorized user can exploit CVE-2020-8283 by performing arbitrary command execution as SYSTEM on a Windows host running Citrix Universal Print Server.
Is there a fix available for CVE-2020-8283?
Yes, Citrix has released hotfixes and updates to address the vulnerability. It is recommended to update to the latest patched version.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/citrix
- canonical/citrix virtual apps and desktops
- version/citrix virtual apps and desktops/2006
- version/citrix virtual apps and desktops/1903
- version/citrix virtual apps and desktops/1912
- canonical/citrix
- version/citrix/7.7
- version/citrix/7.6
- version/citrix/7.6-cu8
- version/citrix/7.15
- version/citrix/7.15-cu6
- version/citrix virtual apps and desktops/7.7
- version/citrix virtual apps and desktops/7.6
- version/citrix virtual apps and desktops/7.6-cu8
- version/citrix virtual apps and desktops/7.15
- version/citrix virtual apps and desktops/7.15-cu6