CVE-2020-8193

Warnung

Exploit

EPSS 94.3%
Veröffentlicht 10.07.2020 16:15:12
Zuletzt bearbeitet 14.03.2025 15:07:15
Quelle support@hackerone.com
Teams Watchlist Login
Unerledigt Login

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Citrix ≫ Application Delivery Controller Firmware Version >= 10.5 < 10.5-70.18

Citrix ≫ Application Delivery Controller Version-

Citrix ≫ Application Delivery Controller Firmware Version >= 11.1 < 11.1-64.14

Citrix ≫ Application Delivery Controller Version-

Citrix ≫ Application Delivery Controller Firmware Version >= 12.0 < 12.0-63.21

Citrix ≫ Application Delivery Controller Version-

Citrix ≫ Application Delivery Controller Firmware Version >= 12.1 < 12.1-57.18

Citrix ≫ Application Delivery Controller Version-

Citrix ≫ Application Delivery Controller Firmware Version >= 13.0 < 13.0-58.30

Citrix ≫ Application Delivery Controller Version-

Citrix ≫ Netscaler Gateway Firmware Version >= 10.5 < 10.5-70.18

Citrix ≫ NetScaler Gateway Version-

Citrix ≫ Netscaler Gateway Firmware Version >= 11.1 < 11.1-64.14

Citrix ≫ NetScaler Gateway Version-

Citrix ≫ Netscaler Gateway Firmware Version >= 12.0 < 12.0-63.21

Citrix ≫ NetScaler Gateway Version-

Citrix ≫ Netscaler Gateway Firmware Version >= 12.1 < 12.1-57.18

Citrix ≫ NetScaler Gateway Version-

Citrix ≫ Gateway Firmware Version >= 13.0 < 13.0-58.30

Citrix ≫ Gateway Version-

Citrix ≫ Sd-wan Wanop Version >= 10.2 < 10.2.7

   Citrix ≫ 4000-wo Version-
   Citrix ≫ 4100-wo Version-
   Citrix ≫ 5000-wo Version-
   Citrix ≫ 5100-wo Version-

Citrix ≫ Sd-wan Wanop Version >= 11.0 < 11.0.3d

   Citrix ≫ 4000-wo Version-
   Citrix ≫ 4100-wo Version-
   Citrix ≫ 5000-wo Version-
   Citrix ≫ 5100-wo Version-

Citrix ≫ Sd-wan Wanop Version >= 11.1 < 11.1.1a

   Citrix ≫ 4000-wo Version-
   Citrix ≫ 4100-wo Version-
   Citrix ≫ 5000-wo Version-
   Citrix ≫ 5100-wo Version-

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability

Schwachstelle

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.3%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://support.citrix.com/article/CTX276688

Vendor Advisory

http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2020-8193

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8193

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8193

EUVD