7.5
CVE-2020-8190
- EPSS 0.27%
- Published 10.07.2020 16:15:12
- Last modified 21.11.2024 05:38:28
- Source support@hackerone.com
- Teams watchlist Login
- Open Login
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.
Data is provided by the National Vulnerability Database (NVD)
Citrix ≫ Application Delivery Controller Firmware Version >= 10.5 < 10.5-70.18
Citrix ≫ Application Delivery Controller Firmware Version >= 11.1 < 11.1-64.14
Citrix ≫ Application Delivery Controller Firmware Version >= 12.0 < 12.0-63.21
Citrix ≫ Application Delivery Controller Firmware Version >= 12.1 < 12.1-57.18
Citrix ≫ Application Delivery Controller Firmware Version >= 13.0 < 13.0-58.30
Citrix ≫ Netscaler Gateway Firmware Version >= 10.5 < 10.5-70.18
Citrix ≫ Netscaler Gateway Firmware Version >= 11.1 < 11.1-64.14
Citrix ≫ Netscaler Gateway Firmware Version >= 12.0 < 12.0-63.21
Citrix ≫ Netscaler Gateway Firmware Version >= 12.1 < 12.1-57.18
Citrix ≫ Gateway Firmware Version >= 13.0 < 13.0-58.30
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.473 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
CWE-281 Improper Preservation of Permissions
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.