Russian Vulnerability Scanner Database

Back to List

CVE-2020-8193

Scores

EPSS Score

0.9435

CVSS

3.x 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

All CVSS Scores

CVSS 4.0
0.0
CVSS 3.x
6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS 2.0
5.0

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Description

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.

Sources

nvd

CWEs

CWE-287

Related Vulnerabilities

BDU:2023-00728

Exploits

Exploit ID: CVE-2020-8193

Source: github-poc

URL: https://github.com/ctlyz123/CVE-2020-8193

Reference Links

http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html
https://support.citrix.com/article/CTX276688

Vulnerable Software

Type: Configuration

Vendor: citrix

Product: application_delivery_controller_firmware

Operating System: * * *

Trait: 
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "10.5-70.18",
          "versionStartIncluding": "10.5",
          "vulnerable": true
        },
        {
          "cpe23uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "11.1-64.14",
          "versionStartIncluding": "11.1",
          "vulnerable": true
        },
        {
          "cpe23uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "12.0-63.21",
          "versionStartIncluding": "12.0",
          "vulnerable": true
        },
        {
          "cpe23uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "12.1-57.18",
          "versionStartIncluding": "12.1",
          "vulnerable": true
        },
        {
          "cpe23uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "13.0-58.30",
          "versionStartIncluding": "13.0",
          "vulnerable": true
        }
      ],
      "operator": "OR"
    },
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*"
        }
      ],
      "operator": "OR"
    }
  ],
  "operator": "AND"
}

Source: nvd

Type: Configuration

Vendor: citrix

Product: gateway_firmware

Operating System: * * *

Trait: 
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "13.0-58.30",
          "versionStartIncluding": "13.0",
          "vulnerable": true
        }
      ],
      "operator": "OR"
    },
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*"
        }
      ],
      "operator": "OR"
    }
  ],
  "operator": "AND"
}

Source: nvd

Type: Configuration

Vendor: citrix

Product: netscaler_gateway_firmware

Operating System: * * *

Trait: 
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "10.5-70.18",
          "versionStartIncluding": "10.5",
          "vulnerable": true
        },
        {
          "cpe23uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "11.1-64.14",
          "versionStartIncluding": "11.1",
          "vulnerable": true
        },
        {
          "cpe23uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "12.0-63.21",
          "versionStartIncluding": "12.0",
          "vulnerable": true
        },
        {
          "cpe23uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "12.1-57.18",
          "versionStartIncluding": "12.1",
          "vulnerable": true
        }
      ],
      "operator": "OR"
    },
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*"
        }
      ],
      "operator": "OR"
    }
  ],
  "operator": "AND"
}

Source: nvd

Type: Configuration

Vendor: citrix

Product: sd-wan_wanop

Operating System: * * *

Trait: 
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "10.2.7",
          "versionStartIncluding": "10.2",
          "vulnerable": true
        },
        {
          "cpe23uri": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "11.0.3d",
          "versionStartIncluding": "11.0",
          "vulnerable": true
        },
        {
          "cpe23uri": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "11.1.1a",
          "versionStartIncluding": "11.1",
          "vulnerable": true
        }
      ],
      "operator": "OR"
    },
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*"
        },
        {
          "cpe23uri": "cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*"
        },
        {
          "cpe23uri": "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*"
        },
        {
          "cpe23uri": "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*"
        }
      ],
      "operator": "OR"
    }
  ],
  "operator": "AND"
}

Source: nvd