ID CVE-2020-8193
Summary Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
References
Vulnerable Configurations
  • cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*
    cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*
    cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*
    cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1:*:*:*:*:*:*:*
    cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0:*:*:*:*:*:*:*
    cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0:*:*:*:*:*:*:*
  • cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*
    cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*
    cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*
    cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*
    cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1:*:*:*:*:*:*:*
    cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1:*:*:*:*:*:*:*
  • cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*
    cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:gateway_firmware:13.0:*:*:*:*:*:*:*
    cpe:2.3:o:citrix:gateway_firmware:13.0:*:*:*:*:*:*:*
  • cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*
    cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:sd-wan_wanop:10.2:*:*:*:*:*:*:*
    cpe:2.3:o:citrix:sd-wan_wanop:10.2:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:sd-wan_wanop:11.0:*:*:*:*:*:*:*
    cpe:2.3:o:citrix:sd-wan_wanop:11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:sd-wan_wanop:11.1:*:*:*:*:*:*:*
    cpe:2.3:o:citrix:sd-wan_wanop:11.1:*:*:*:*:*:*:*
  • cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*
    cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*
  • cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*
    cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*
  • cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*
    cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*
  • cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*
    cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 13-11-2020 - 18:15)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
misc
Last major update 13-11-2020 - 18:15
Published 10-07-2020 - 16:15
Last modified 13-11-2020 - 18:15
Back to Top