CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8193

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.943

EPSS Ranking 99.9%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 5.0

Proposed Action

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.

Ransomware Campaign

Unknown

References

Products affected by CVE-2020-8193

Citrix » 4000-Wo » Version: N/A

cpe:2.3:h:citrix:4000-wo:-
Citrix » 4100-Wo » Version: N/A

cpe:2.3:h:citrix:4100-wo:-
Citrix » 5000-Wo » Version: N/A

cpe:2.3:h:citrix:5000-wo:-
Citrix » 5100-Wo » Version: N/A

cpe:2.3:h:citrix:5100-wo:-
Citrix » Application Delivery Controller » Version: N/A

cpe:2.3:h:citrix:application_delivery_controller:-
Citrix » Gateway » Version: N/A

cpe:2.3:h:citrix:gateway:-
Citrix » Netscaler Gateway » Version: N/A

cpe:2.3:h:citrix:netscaler_gateway:-
Citrix » Application Delivery Controller Firmware » Version: 10.5

cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5
Citrix » Application Delivery Controller Firmware » Version: 11.1

cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1
Citrix » Application Delivery Controller Firmware » Version: 12.0

cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0
Citrix » Application Delivery Controller Firmware » Version: 12.1

cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1
Citrix » Application Delivery Controller Firmware » Version: 12.1-55.238

cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1-55.238
Citrix » Application Delivery Controller Firmware » Version: 12.1-55.291

cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1-55.291
Citrix » Application Delivery Controller Firmware » Version: 13.0

cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0
Citrix » Gateway Firmware » Version: 13.0

cpe:2.3:o:citrix:gateway_firmware:13.0
Citrix » Netscaler Gateway Firmware » Version: 10.5

cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5
Citrix » Netscaler Gateway Firmware » Version: 11.1

cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1
Citrix » Netscaler Gateway Firmware » Version: 12.0

cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0
Citrix » Netscaler Gateway Firmware » Version: 12.1

cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1
Citrix » Sd-Wan Wanop » Version: 10.2

cpe:2.3:o:citrix:sd-wan_wanop:10.2
Citrix » Sd-Wan Wanop » Version: 11.0

cpe:2.3:o:citrix:sd-wan_wanop:11.0
Citrix » Sd-Wan Wanop » Version: 11.1

cpe:2.3:o:citrix:sd-wan_wanop:11.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8193

Products

Pricing

Contact Us