CVE-2020-8270 Vulnerability Details

  /     /     /  

CVE-2020-8270 Metadata Quick Info

CVE Published: 16/11/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: hackerone | Vendor: n/a | Product: Citrix Virtual Apps and Desktops
Status : PUBLISHED

---

CVE-2020-8270 Description

An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-78
CWE Name: OS Command Injection (CWE-78)
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).