Arbitrary Command Execution Vulnerability in Citrix Virtual Apps and Desktops
CVE-2020-8270
8.8HIGH
Key Information:
- Vendor
Citrix
- Vendor
- CVE Published:
- 16 November 2020
What is CVE-2020-8270?
An unprivileged Windows user or an SMB user on the Virtual Delivery Agent (VDA) may exploit this vulnerability to execute arbitrary commands with SYSTEM privileges on affected versions of Citrix Virtual Apps and Desktops, potentially leading to unauthorized access and control of the system.
Affected Version(s)
Citrix Virtual Apps and Desktops 2009, 1912 LTSRÂ CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342