Reflected Code Injection Vulnerability in Citrix ADC and Citrix Gateway
CVE-2020-8194

6.5 MEDIUM

Key Information:

Vendor: Citrix
CVE Published: 10 July 2020

Summary

A reflected code injection vulnerability exists in Citrix ADC and Citrix Gateway versions earlier than 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18, as well as in Citrix SDWAN WAN-OP versions prior to 11.1.1a, 11.0.3d, and 10.2.7. This vulnerability can be exploited to alter file downloads, potentially leading to unauthorized access and sensitive data exposure.

Affected Version(s)

Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP: Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7

EPSS Score

97% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
