CVE-2020-8190 — Improper Preservation of Permissions in Citrix Application Delivery Controller Firmware

CWE-281 — Improper Preservation of Permissions5 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 49.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Application Delivery Controller Firmware Citrix Gateway Firmware Citrix Netscaler Gateway Firmware +8 more

Timeline

PublishedJul 10

Latest updateMay 24

Description

Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages11 packages

▶NVDcitrix/gateway_firmware13.0 — 13.0-58.30

▶NVDcitrix/netscaler_gateway_firmware10.5 — 10.5-70.18+3

▶citrixcitrix/citrix_gateway

▶citrixcitrix/netscaler_gateway

▶NVDcitrix/application_delivery_controller_firmware10.5 — 10.5-70.18+4

🔴Vulnerability Details

GHSA

GHSA-85c5-xq3r-f3vw: Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13↗2022-05-24

▶

📋Vendor Advisories

Citrix

Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update↗2020-08-17

▶

Citrix

CVE-2020-8190: Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privi↗2020-07-10

▶

🕵️Threat Intelligence

Tenable

CVE-2020-8193, CVE-2020-8195, and CVE-2020-8196: Active Exploitation of Citrix Vulnerabilities↗2020-07-15

▶