CVE-2020-8196MEDIUM
Description
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
References
http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html
Details
Source: MITRE
Published: 2020-07-10
Updated: 2020-11-13
Type: CWE-862
Risk Information
CVSS v2.0
Base Score: 4
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 8
Severity: MEDIUM
CVSS v3.0
Base Score: 4.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Impact Score: 1.4
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
AND
OR
cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*
Configuration 2
AND
OR
cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*
OR
Configuration 3
AND
OR
OR
Configuration 4
AND
OR
cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*
cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 140192 | Citrix SD-WAN WANOP 10.2.x Multiple Vulnerabilities (CTX276688) | Nessus | CGI abuses | medium |
| 138212 | Citrix ADC and Citrix NetScaler Gateway Multiple Vulnerabilities (CTX276688) | Nessus | CGI abuses | medium |