CVE-2020-8196

high-risk

Published 2020-07-10

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

Do I need to act?

68.1% chance of exploitation in next 30 days

EPSS score — higher than 32% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (4)

Application Delivery Controller Firmware

Netscaler Gateway Firmware

Gateway Firmware

Sd-Wan Wanop

Affected Vendors

Citrix

References (5)

Third Party Advisory http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Incl...

Vendor Advisory https://support.citrix.com/article/CTX276688

Third Party Advisory http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Incl...

Vendor Advisory https://support.citrix.com/article/CTX276688

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-...

/ 100

high-risk

Severity 18/34 · Moderate

Exploitability 26/34 · High

Exposure 10/34 · Low