Vulnerability Details CVE-2020-8196
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.63
EPSS Ranking 98.3%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
Proposed Action
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.
Ransomware Campaign
Unknown
References
Products affected by CVE-2020-8196
-
cpe:2.3:h:citrix:4000-wo:-
-
cpe:2.3:h:citrix:4100-wo:-
-
cpe:2.3:h:citrix:5000-wo:-
-
cpe:2.3:h:citrix:5100-wo:-
-
cpe:2.3:h:citrix:application_delivery_controller:-
-
cpe:2.3:h:citrix:gateway:-
-
cpe:2.3:h:citrix:netscaler_gateway:-
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1-55.238
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1-55.291
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0
-
cpe:2.3:o:citrix:gateway_firmware:13.0
-
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5
-
cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1
-
cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0
-
cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1
-
cpe:2.3:o:citrix:sd-wan_wanop:10.2
-
cpe:2.3:o:citrix:sd-wan_wanop:11.0
-
cpe:2.3:o:citrix:sd-wan_wanop:11.1