CVE-2020-8187Improper Input Validation in Citrix Application Delivery Controller Firmware

CWE-20Improper Input Validation5 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.1%
top 21.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Citrix Application Delivery Controller FirmwareCitrix Netscaler Gateway FirmwareCitrix ADC+7 more
Timeline
PublishedJul 10
Latest updateMay 24

Description

Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

NVDcitrix/netscaler_gateway_firmware11.111.1-63.9+1
citrixcitrix/sd-wan

🔴Vulnerability Details

1
GHSA
GHSA-qq2f-8prw-23j6: Improper input validation in Citrix ADC and Citrix Gateway versions before 112022-05-24

📋Vendor Advisories

2
Citrix
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update2020-08-17
Citrix
CVE-2020-8187: Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial o2020-07-10

🕵️Threat Intelligence

1
Tenable
CVE-2020-8193, CVE-2020-8195, and CVE-2020-8196: Active Exploitation of Citrix Vulnerabilities2020-07-15