7.5
CVE-2020-8190
- EPSS 0.27%
- Veröffentlicht 10.07.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:38:28
- Quelle support@hackerone.com
- Teams Watchlist Login
- Unerledigt Login
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Citrix ≫ Application Delivery Controller Firmware Version >= 10.5 < 10.5-70.18
Citrix ≫ Application Delivery Controller Firmware Version >= 11.1 < 11.1-64.14
Citrix ≫ Application Delivery Controller Firmware Version >= 12.0 < 12.0-63.21
Citrix ≫ Application Delivery Controller Firmware Version >= 12.1 < 12.1-57.18
Citrix ≫ Application Delivery Controller Firmware Version >= 13.0 < 13.0-58.30
Citrix ≫ Netscaler Gateway Firmware Version >= 10.5 < 10.5-70.18
Citrix ≫ Netscaler Gateway Firmware Version >= 11.1 < 11.1-64.14
Citrix ≫ Netscaler Gateway Firmware Version >= 12.0 < 12.0-63.21
Citrix ≫ Netscaler Gateway Firmware Version >= 12.1 < 12.1-57.18
Citrix ≫ Gateway Firmware Version >= 13.0 < 13.0-58.30
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.473 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
CWE-281 Improper Preservation of Permissions
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.