Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-8194Code Injection in Citrix Application Delivery Controller Firmware

CWE-94Code Injection7 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
81.1%
top 0.84%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
12
Citrix Application Delivery Controller FirmwareCitrix Gateway FirmwareCitrix Netscaler Gateway Firmware+9 more
Timeline
PublishedJul 10
Latest updateMay 24

Description

Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages12 packages

NVDcitrix/gateway_firmware13.013.0-58.30
NVDcitrix/netscaler_gateway_firmware10.510.5-70.18+3
NVDcitrix/sd-wan_wanop10.210.2.7+2

🔴Vulnerability Details

2
GHSA
GHSA-v424-6v58-95q3: Reflected code injection in Citrix ADC and Citrix Gateway versions before 132022-05-24
VulnCheck
Citrix application_delivery_controller_firmware Improper Control of Generation of Code ('Code Injection')2020

💥Exploits & PoCs

1
Nuclei
Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection

📋Vendor Advisories

2
Citrix
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update2020-08-17
Citrix
CVE-2020-8194: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDW2020-07-10

🕵️Threat Intelligence

1
Tenable
CVE-2020-8193, CVE-2020-8195, and CVE-2020-8196: Active Exploitation of Citrix Vulnerabilities2020-07-15