Citrix announced VAD security vulnerabilities

Citrix Virtual Apps and Desktops Deployment and Adoption Resource Center

Case Citrix announced on November 10th 2020 the following vulnerabilities. CVE ID Description Vulnerability Type Pre-conditions  CVE-2020-8269 An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM CWE-269: Improper Privilege Management The attacker must be an authenticated user on the Windows VDA with write access to the C:\ directory CVE-2020-8270 An unprivileged Windows user on the VDA or a SMB user can perform arbitrary command execution as SYSTEM CWE-78: Improper Neutralization of Special … Read more