CVE-2020-8193

high-risk

Published 2020-07-10

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.

Do I need to act?

94.4% chance of exploitation in next 30 days

EPSS score — higher than 6% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (4)

Application Delivery Controller Firmware

Netscaler Gateway Firmware

Gateway Firmware

Sd-Wan Wanop

Affected Vendors

Citrix

References (5)

Exploit http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Incl...

Vendor Advisory https://support.citrix.com/article/CTX276688

Exploit http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Incl...

Vendor Advisory https://support.citrix.com/article/CTX276688

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-...

/ 100

high-risk

Severity 24/34 · High

Exploitability 27/34 · High

Exposure 10/34 · Low