Zwei Schwachstellen in Citrix Virtual Apps and Desktops

[testperson 1.857]

Hi

 

heute hat Citrix folgende Security Updates veröffentlicht: https://support.citrix.com/article/CTX285059

Zitat

CVE-Id: CVE-2020-8269:

Description: An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM

Vulnerability Type: CWE-269: Improper Privilege Management

Pre-conditions: The attacker must be an authenticated user on the Windows VDA with write access to the C:\ directory

 

CVE-Id: CVE-2020-8270 

Description: An unprivileged Windows user on the VDA or a SMB user can perform arbitrary command execution as SYSTEM

Vulnerability Type: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Pre-conditions: The attacker must be an authenticated user on the Windows VDA or be authenticated to Windows SMB service running on the VDA

Betroffen sind folgende Releases:

 

• Citrix Virtual Apps and Desktops 2006 and earlier versions
• Citrix Virtual Apps and Desktops 1912 LTSR CU1 and earlier versions of 1912 LTSR
• Citrix XenApp / XenDesktop 7.15 LTSR CU6 and earlier versions of 7.15 LTSR
• Citrix XenApp / XenDesktop 7.6 LTSR CU8 and earlier versions of 7.6 LTSR

 

HTH

Jan