Two Vulnerabilities in Citrix Virtual Apps and Desktops

Hi

 

Today Citrix released the following security updates: https://support.citrix.com/article/CTX285059

Quote

CVE-Id: CVE-2020-8269:

Description: An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM

Vulnerability Type: CWE-269: Improper Privilege Management

Pre-conditions: The attacker must be an authenticated user on the Windows VDA with write access to the C:\ directory

 

CVE-Id: CVE-2020-8270 

Description: An unprivileged Windows user on the VDA or a SMB user can perform arbitrary command execution as SYSTEM

Vulnerability Type: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Pre-conditions: The attacker must be an authenticated user on the Windows VDA or be authenticated to Windows SMB service running on the VDA

The following releases are affected:

 

  • Citrix Virtual Apps and Desktops 2006 and earlier versions
  • Citrix Virtual Apps and Desktops 1912 LTSR CU1 and earlier versions of 1912 LTSR
  • Citrix XenApp / XenDesktop 7.15 LTSR CU6 and earlier versions of 7.15 LTSR
  • Citrix XenApp / XenDesktop 7.6 LTSR CU8 and earlier versions of 7.6 LTSR

 

HTH

Jan
