CVE-2020-8195

Warning

Exploit

EPSS 86.64%
Published 10.07.2020 16:15:12
Last modified 30.07.2025 19:00:02
Source support@hackerone.com
Teams watchlist Login
Open Login

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

Affected products Warnungen 1 Metrics 4 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Citrix ≫ Application Delivery Controller Firmware Version >= 10.5 < 10.5-70.18

Citrix ≫ Application Delivery Controller Version-

Citrix ≫ Application Delivery Controller Firmware Version >= 11.1 < 11.1-64.14

Citrix ≫ Application Delivery Controller Version-

Citrix ≫ Application Delivery Controller Firmware Version >= 12.0 < 12.0-63.21

Citrix ≫ Application Delivery Controller Version-

Citrix ≫ Application Delivery Controller Firmware Version >= 12.1 < 12.1-57.18

Citrix ≫ Application Delivery Controller Version-

Citrix ≫ Application Delivery Controller Firmware Version >= 13.0 < 13.0-58.30

Citrix ≫ Application Delivery Controller Version-

Citrix ≫ Netscaler Gateway Firmware Version >= 10.5 < 10.5-70.18

Citrix ≫ NetScaler Gateway Version-

Citrix ≫ Netscaler Gateway Firmware Version >= 11.1 < 11.1-64.14

Citrix ≫ NetScaler Gateway Version-

Citrix ≫ Netscaler Gateway Firmware Version >= 12.0 < 12.0-63.21

Citrix ≫ NetScaler Gateway Version-

Citrix ≫ Netscaler Gateway Firmware Version >= 12.1 < 12.1-57.18

Citrix ≫ NetScaler Gateway Version-

Citrix ≫ Gateway Firmware Version >= 13.0 < 13.0-58.30

Citrix ≫ Gateway Version-

Citrix ≫ Sd-wan Wanop Version >= 10.2 < 10.2.7

   Citrix ≫ 4000-wo Version-
   Citrix ≫ 4100-wo Version-
   Citrix ≫ 5000-wo Version-
   Citrix ≫ 5100-wo Version-

Citrix ≫ Sd-wan Wanop Version >= 11.0 < 11.0.3d

   Citrix ≫ 4000-wo Version-
   Citrix ≫ 4100-wo Version-
   Citrix ≫ 5000-wo Version-
   Citrix ≫ 5100-wo Version-

Citrix ≫ Sd-wan Wanop Version >= 11.1 < 11.1.1a

   Citrix ≫ 4000-wo Version-
   Citrix ≫ 4100-wo Version-
   Citrix ≫ 5000-wo Version-
   Citrix ≫ 5100-wo Version-

Citrix ≫ Gateway Plug-in For Linux Version < 1.0.0.137

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability

Vulnerability

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	86.64%	0.994

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://support.citrix.com/article/CTX276688

Vendor Advisory

http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2020-8195

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8195

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8195

EUVD