CVE-2020-8196
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP | Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7 | affected |
Weaknesses
- CWE-284: Improper Access Control - Generic (CWE-284)
ADP Enrichment
CVE Program Container
Additional References
- https://support.citrix.com/article/CTX276688
- http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://support.citrix.com/article/CTX276688
- http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.