CVE-2020-8270 - AskarLabs CVE Database

CVE-2020-8270

Vendor N/A

Product Citrix Virtual Apps and Desktops

Weakness CWE-78

Published November 16, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342

Key dates

02Disclosure timeline

November 16, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-8270 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

04Related CVE

CVE-2026-5691 Totolink A7100RU cstecgi.cgi setFirewallType os command injection CVE-2024-9004 D-Link DAR-7000 Backup_Server_commit.php os command injection CVE-2024-55904 IBM DevOps Deploy / IBM UrbanCode Deploy command injection CVE-2026-21837 HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API CVE-2025-60006 Junos OS Evolved: OS command injection vulnerabilities fixed