CVE-2020-8194
published 2020-07-10
CVE-2020-8194: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP…
Priority P276 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS 10.70% (95.3th percentile)
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | application_delivery_controller_firmware | >= 10.5 < 10.5-70.18 | 10.5-70.18 |
| citrix | application_delivery_controller_firmware | >= 11.1 < 11.1-64.14 | 11.1-64.14 |
| citrix | application_delivery_controller_firmware | >= 12.0 < 12.0-63.21 | 12.0-63.21 |
| citrix | application_delivery_controller_firmware | >= 12.1 < 12.1-57.18 | 12.1-57.18 |
| citrix | application_delivery_controller_firmware | >= 13.0 < 13.0-58.30 | 13.0-58.30 |
| citrix | citrix_adc | — | — |
| citrix | citrix_application_delivery_controller | — | — |
| citrix | citrix_gateway | — | — |
| citrix | citrix_sd-wan_wanop | — | — |
| citrix | gateway_firmware | >= 13.0 < 13.0-58.30 | 13.0-58.30 |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway_firmware | >= 10.5 < 10.5-70.18 | 10.5-70.18 |
| citrix | netscaler_gateway_firmware | >= 11.1 < 11.1-64.14 | 11.1-64.14 |
| citrix | netscaler_gateway_firmware | >= 12.0 < 12.0-63.21 | 12.0-63.21 |
| citrix | netscaler_gateway_firmware | >= 12.1 < 12.1-57.18 | 12.1-57.18 |
| citrix | sd-wan | — | — |
| citrix | sd-wan_wanop | >= 10.2 < 10.2.7 | 10.2.7 |
| citrix | sd-wan_wanop | >= 11.0 < 11.0.3d | 11.0.3d |
| citrix | sd-wan_wanop | >= 11.1 < 11.1.1a | 11.1.1a |
| citrix | xenserver | — | — |
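An added example (not code from Citrix or from the sources aggregated here) that checks a build string against the "Fixed in" column above. The product labels "adc" and "wanop" are hypothetical names, and the ordering of SD-WAN letter suffixes (no suffix before "a", then alphabetical) is an assumption.

```python
import re

# Fixed-in builds copied from the table above, keyed by release branch.
ADC_FIXED = {
    (10, 5): (70, 18),
    (11, 1): (64, 14),
    (12, 0): (63, 21),
    (12, 1): (57, 18),
    (13, 0): (58, 30),
}
# SD-WAN WANOP fixed releases: (patch number, letter suffix).
WANOP_FIXED = {
    (10, 2): (7, ""),
    (11, 0): (3, "d"),
    (11, 1): (1, "a"),
}

ADC_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")       # e.g. 13.0-58.30
WANOP_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)$")   # e.g. 11.0.3d


def is_affected(product, version):
    """Return True/False, or None when the branch is not in the table.

    product: "adc" (ADC / Gateway firmware) or "wanop" (SD-WAN WANOP);
    both labels are hypothetical names used only by this example.
    """
    if product == "adc":
        m, table = ADC_RE.match(version.strip()), ADC_FIXED
    elif product == "wanop":
        m, table = WANOP_RE.match(version.strip()), WANOP_FIXED
    else:
        raise ValueError(f"unknown product: {product!r}")
    if m is None:
        raise ValueError(f"unparseable version: {version!r}")
    branch = (int(m.group(1)), int(m.group(2)))
    if branch not in table:
        return None  # the table lists no range for this branch
    if product == "adc":
        build = (int(m.group(3)), int(m.group(4)))
    else:
        # Assumption: "" sorts before "a", so 11.1.1 precedes 11.1.1a.
        build = (int(m.group(3)), m.group(4))
    return build < table[branch]
```

A None result means the branch has no row in the table, so it needs a manual check against the vendor bulletin rather than being treated as unaffected.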
Detection & IOCs
url: /menu/guiw?nsbrand=1&protocol=nonexistent.1337">&id=3&nsvpx=phpinfo
- Send a GET request to /menu/guiw with the reflected injection payload in the 'protocol' and 'nsvpx' parameters and the Cookie 'startupapp=st'; a vulnerable response returns HTTP 200 with Content-Type header containing 'application/x-java-jnlp-file' and a script tag in the body.
- Match on response body containing a '<script>' tag AND response Content-Type header containing 'application/x-java-jnlp-file' with HTTP status 200 to confirm exploitation.
- Affected Citrix ADC / NetScaler Gateway versions are before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18; Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d, and 10.2.7 are also affected.
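For retrospective triage, the request side of the indicator above can be searched for in management-interface access logs. This is an added example, not a rule from the listed sources; it assumes common/combined log format and that legitimate 'protocol' and 'nsvpx' values never contain quotes or angle brackets, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target and status from a common/combined-format access log line.
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Characters that let a reflected value break out of markup (assumption:
# never present in legitimate values of these parameters).
MARKUP = re.compile(r'[<>"\']')
# Parameters the detection notes above name as carrying the payload.
WATCHED = ("protocol", "nsvpx")

# Constructed sample lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Jul/2020:10:01:02 +0000] "GET /menu/guiw?nsbrand=1'
    '&protocol=nonexistent.1337%22%3E&id=3&nsvpx=phpinfo HTTP/1.1" 200 512',
    '192.0.2.10 - - [12/Jul/2020:10:05:40 +0000] "GET /menu/guiw?nsbrand=1'
    '&protocol=https&id=3&nsvpx=x HTTP/1.1" 200 498',
    '192.0.2.10 - - [12/Jul/2020:10:05:41 +0000] "GET /vpn/index.html '
    'HTTP/1.1" 200 1024',
]


def suspicious_guiw_requests(lines):
    """Return (client, status, [param names]) for /menu/guiw requests whose
    watched parameters contain markup characters after URL-decoding."""
    hits = []
    for line in lines:
        m = REQ_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if target.path.rstrip("/") != "/menu/guiw":
            continue
        # parse_qs percent-decodes values, so %22%3E and a raw "> both match.
        params = parse_qs(target.query, keep_blank_values=True)
        bad = sorted(name for name in WATCHED
                     if any(MARKUP.search(v) for v in params.get(name, [])))
        if bad:
            hits.append((line.split()[0], int(m.group(2)), bad))
    return hits
```

A hit shows only that such a request reached the appliance; whether it was reflected still depends on the response conditions listed above (HTTP 200, the JNLP Content-Type and a script tag in the body).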
CVSS provenance
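| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vulncheck | — | 6.5 | MEDIUM | — |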
Citrix
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
vendor_citrix·2020-08-17·CVSS 6.5
CVE-2019-18177 [MEDIUM] Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
of Problem Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in a number of security issues including: Attacks that are limited to the management interface System compromise by an unauthenticated user on the management network. System compromise through Cross Site Scripting (XSS) on the management interface Creation of a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, may result in the c
Citrix
CVE-2020-8194: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDW
vendor_citrix·2020-07-10·CVSS 6.5
CVE-2020-8194 [MEDIUM] CWE-94 CVE-2020-8194: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDW
CVE-2020-8194: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
GHSA
GHSA-v424-6v58-95q3: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13
ghsa_unreviewed·2022-05-24
CVE-2020-8194 [MEDIUM] GHSA-v424-6v58-95q3: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
VulnCheck
Citrix application_delivery_controller_firmware Improper Control of Generation of Code ('Code Injection')
vulncheck·2020·CVSS 6.5
CVE-2020-8194 [MEDIUM] Citrix application_delivery_controller_firmware Improper Control of Generation of Code ('Code Injection')
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
Affected: Citrix application_delivery_controller_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://info.greynoise.io/hubfs/resources/GreyNoise-Early-Warning-Signals-Attacker-Behavior-Precedes-New-Vulnerabilities-Report.pdf
No detection rules found.
Nuclei
Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection
nuclei·CVSS 6.5
CVE-2020-8194 [MEDIUM] Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection
Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18. Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allow modification of a file download.
Template:
id: CVE-2020-8194
info:
  name: Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection
  author: dwisiswant0
  severity: medium
  description: Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain se
2020-07-10 Published
Exploited in the wild