CVE-2020-8283
HIGH EXPLOITED RANSOMWARECitrix Universal Print Server - Command Injection
Title source: llmExploitation Summary
CVE-2020-8283 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns.
Description
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.citrix.com/article/CTX285059
Scores
CVSS v3
8.8
EPSS
0.0037
EPSS Percentile
58.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2021-01-26
Ransomware Use
Confirmed
CWE
CWE-269
Status
published
Products (8)
citrix/virtual_apps_and_desktops
< 2006
citrix/virtual_apps_and_desktops
1903 - 1912
citrix/xenapp
7.6 (2 CPE variants)
citrix/xenapp
7.15 (2 CPE variants)
citrix/xenapp
< 7.6
citrix/xendesktop
7.6 (2 CPE variants)
citrix/xendesktop
7.15 (2 CPE variants)
citrix/xendesktop
< 7.6
Published
Dec 14, 2020
Tracked Since
Feb 18, 2026