cve-2020-8299
Vulnerability from cvelistv5
Published
2021-06-16 13:08
Modified
2024-08-04 09:56
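Severity: none assigned in the CNA record; NVD rates it 6.5 MEDIUM (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)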
Summary
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1 before 12.1-61.18, and 11.1 before 11.1-65.20; Citrix ADC 12.1-FIPS before 12.1-55.238; and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, and 10.2.9a suffer from uncontrolled resource consumption (CWE-400), which allows a network-based denial of service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:28.408Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX297155"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0, Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1, Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1, Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS, Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4, Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3, Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3, Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2, Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1, Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Denial of Service (CWE-400)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-16T13:08:22",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.citrix.com/article/CTX297155"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8299",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0, Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1, Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1, Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS, Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4, Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3, Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3, Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2, Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1, Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (CWE-400)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX297155",
              "refsource": "MISC",
              "url": "https://support.citrix.com/article/CTX297155"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8299",
    "datePublished": "2021-06-16T13:08:22",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:28.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-8299\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2021-06-16T14:15:08.107\",\"lastModified\":\"2024-11-21T05:38:41.210\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.\"},{\"lang\":\"es\",\"value\":\"Citrix ADC y Citrix/NetScaler Gateway versiones 13.0 anteriores a 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.238, y Citrix SD-WAN WANOP Edition versiones anteriores a 11.4.0, 11. 3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a, sufren un consumo no controlado de recursos mediante una denegaci\u00f3n de servicio basada en la red desde el mismo segmento de red de capa 2. 
Tome en cuenta que el atacante debe estar en el mismo segmento de red de capa 2 que el dispositivo vulnerable\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":3.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-61.18\",\"matchCriteriaId\":\"871316FC-14DC-41BE-971B-61FBE11D5ABF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-76.29\",\"matchCriteriaId\":\"FAA24333-CF47-45C2-81E3-C990095920D6\"},{\"vulnerable\
":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1\",\"versionEndExcluding\":\"11.1-65.20\",\"matchCriteriaId\":\"D77B2AD2-BAF1-4FD3-B7C5-88AC1B130971\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1\",\"versionEndExcluding\":\"11.1-65.20\",\"matchCriteriaId\":\"E178AA28-B24F-4565-A314-1E58AAC54648\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-61.18\",\"matchCriteriaId\":\"7AEBA65F-2FEA-45B2-9118-8781258BC28D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-76.29\",\"matchCriteriaId\":\"7F78FBC6-84A1-4D99-8D70-BA5AF4B1F2BD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E69E10-6F40-4FE4-9D84-F6C25EAB79D8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-55.238\",\"matchCriteriaId\":\"8BEBCAD2-581F-4217-8425-46C03584E673\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx\\\\/sdx_14030_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCB11BC1-0702-436F-BFE2-14B38B118D99\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx\\\\/sdx_14060_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8569B182-D0A7-414B-B0A3-4DD2FAB44F69\"},{\"vulnerable\":false,\"criter
ia\":\"cpe:2.3:h:citrix:mpx\\\\/sdx_14080_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABB9B3E9-EED4-4D74-BE4C-DFAFAB1F0994\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_15030-50g_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F60729DF-EDC8-4462-ABD2-6E4199F22701\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_15040-50g_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B789F02A-56CB-4871-9D9D-FAB0F31A72A1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_15060-50g_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06699186-E7E4-463C-8844-77B2A750B985\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_15080-50g_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F00DBEBF-29BE-4D6A-BF79-19208AAB0D7F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_15100-50g_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"848169A6-CAD7-4E14-BC5D-B2E94DC93CCB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_15120-50g_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C69709C-885A-4F19-899D-A7B5CE7066EF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_8905_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B2136C1-8AB6-4C70-87F4-1F8A93A876C9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_8910_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"492323D2-339D-404C-BB9B-E09ABB87FA2B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_8920_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB83185D-DD6F-47CD-B500-499F9EF65093\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.2\",\"versionEndExcluding\":\"10.2.9a\",\"matchCriteriaId\":\"E2E30C0C-32F2-4257-B946-600E3123A0D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1\",\"versionEndExcluding\":\"11.1.2c\",\"matchCriteriaId\":\"469E2490-71B8-48FB-A032-08922C75339A\"},{\"vulner
able\":true,\"criteria\":\"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2\",\"versionEndExcluding\":\"11.2.3a\",\"matchCriteriaId\":\"56A52140-F4AE-4616-91E7-FF941EA26343\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.3\",\"versionEndExcluding\":\"11.3.2\",\"matchCriteriaId\":\"974341A5-6B06-4975-9406-CF41AB0E92F6\"}]}]}],\"references\":[{\"url\":\"https://support.citrix.com/article/CTX297155\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.citrix.com/article/CTX297155\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}







Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.