Privilege Escalation Issue in Citrix ADC and Gateway Products
CVE-2020-8247

8.8HIGH

Key Information:

Vendor: Citrix
Status: Citrix Adc, Citrix Gateway, Citrix Sdwan Wan-op
Vendor: CVE Published:; 18 September 2020

Summary

Certain versions of Citrix ADC and Citrix Gateway, as well as various Citrix SD-WAN WANOP releases, are susceptible to a privilege escalation vulnerability that impacts the management interface. This vulnerability allows unauthorized users to gain elevated access to system functionalities, which could compromise the integrity of the system. It is essential for users to apply available patches and updates to their affected products to mitigate potential risks associated with this vulnerability. For more details, refer to the Citrix support documentation.

Affected Version(s)

Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b

References

https://support.citrix.com/article/CTX281474

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 18, 2020
Vulnerability Reserved
Jan 28, 2020