Citrix announced VAD security vulnerabilities
Case Citrix announced VAD security vulnerabilities. On November 10th 2020 the following vulnerabilities were announced. CVE ID Description Vulnerability Type Pre-conditions CVE-2020-8269 An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM CWE-269: Improper Privilege Management The attacker must be an authenticated user on the Windows VDA with write access to the C:\ directory CVE-2020-8270 An unprivileged Windows user on the VDA or a SMB user can perform arbitrary command execution as SYSTEM … Read more
