⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2020-8196 — Improper Access Control in Citrix Application Delivery Controller Firmware

CWE-284 — Improper Access Control CWE-287 — Improper Authentication CWE-862 — Missing Authorization21 documents10 sources

Severity

4.3MEDIUMNVD

EPSS

68.1%

top 1.40%

CISA KEV

KEV

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Citrix Application Delivery Controller Firmware Citrix Gateway Firmware Citrix Netscaler Gateway Firmware +9 more

Timeline

PublishedJul 10

KEV addedNov 3

KEV dueMay 3

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages12 packages

▶NVDcitrix/gateway_firmware13.0 — 13.0-58.30

▶NVDcitrix/netscaler_gateway_firmware10.5 — 10.5-70.18+3

▶NVDcitrix/application_delivery_controller_firmware10.5 — 10.5-70.18+4

▶citrixcitrix/citrix_gateway

▶citrixcitrix/netscaler_gateway

🔴Vulnerability Details

GHSA

GHSA-gc2g-58xq-cq5h: Improper access control in Citrix ADC and Citrix Gateway versions before 13↗2022-05-24

▶

VulnCheck

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability↗2020

▶

💥Exploits & PoCs

Exploit-DB

Citrix ADC NetScaler - Local File Inclusion (Metasploit)↗2020-11-13

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible Citrix Authentication Bypass Attempt Inbound (CVE-2020-8193)↗2020-10-21

▶

Suricata

ET EXPLOIT Possible Citrix Information Disclosure Attempt Inbound (CVE-2020-8195)↗2020-10-21

▶

📋Vendor Advisories

CISA

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability↗2021-11-03

▶

Citrix

Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update↗2020-08-17

▶

Citrix

CVE-2020-8196: Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWA↗2020-07-10

▶

🕵️Threat Intelligence

Tenable

Hold the Door: Why Organizations Need to Prioritize Patching SSL VPNs↗2021-08-25

▶

Tenable

One Year Later: What Can We Learn from Zerologon?↗2021-08-11

▶

Trendmicro

Manage Zero Day Exploits (ZDI) with Trend Micro Solutions↗2021-04-28

▶

Trendmicro

Manage Zero Day Exploits (ZDI) with Trend Micro Solutions↗2021-04-28

▶

Trendmicro

Manage Zero Day Exploits (ZDI) with Trend Micro Solutions↗2021-04-28

▶