VMware software breaking Cisco HyperFlex clusters Hackers could exploit this by creating a malicious file, naming it powershell.exe, and copying it into every directory they have access to, which would allow them to achieve elevation of privileges on systems running Citrix Gateway Plug-In for Windows. As powershell.exe is invoked in file name only, Windows searches through multiple directories to find it. Tagged as CVE-2020-8257 and CVE-2020-8258, these two vulnerabilities lie in the way the Citrix Gateway Service runs as SYSTEM, and executes a periodic PowerShell script every five minutes, also executed as SYSTEM.
0 Comments
Leave a Reply. |