CVE-2020-8247
Published 2020-09-18
Priority P3 · 49 · high · 8.8 CVSS 3.1
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.35% (68.1th percentile)
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | application_delivery_controller_firmware | >= 11.1 < 11.1-65.12 | 11.1-65.12 |
| citrix | application_delivery_controller_firmware | >= 12.1 < 12.1-58.15 | 12.1-58.15 |
| citrix | application_delivery_controller_firmware | >= 13.0 < 13.0-64.35 | 13.0-64.35 |
| citrix | citrix_adc | — | — |
| citrix | citrix_application_delivery_controller | — | — |
| citrix | citrix_gateway | — | — |
| citrix | citrix_sd-wan_wanop | — | — |
| citrix | gateway | >= 11.1 < 11.1-65.12 | 11.1-65.12 |
| citrix | gateway | >= 13.0 < 13.0-64.35 | 13.0-64.35 |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_adc_gateway | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway | >= 12.1 < 12.1-58.15 | 12.1-58.15 |
| citrix | sd-wan | — | — |
| citrix | sd-wan_wanop | >= 10.2 < 10.2.7b | 10.2.7b |
| citrix | sd-wan_wanop | >= 11.0 < 11.0.3f | 11.0.3f |
| citrix | sd-wan_wanop | >= 11.1 < 11.1.2a | 11.1.2a |
| citrix | sd-wan_wanop | >= 11.2 < 11.2.1a | 11.2.1a |
| citrix | xenserver | — | — |
CVSS provenance
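| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |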
Citrix
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
vendor_citrix·2020-09-18·CVSS 6.1
CVE-2020-8245 [MEDIUM] CWE-269 Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
of Problem Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in the following security issues: CVE ID Description Vulnerability Type
CVE References: CVE-2020-8245, CVE-2020-8246, CVE-2020-8247
Affected Products: Citrix ADC, Citrix Application Delivery Controller, Citrix Gateway, Citrix SD-WAN WANOP, NetScaler ADC, NetScaler Gateway, XenServer, sd-wan
Severity: Medium
Remediation:
Fixed builds have been released for supported versions of Citrix ADC, Citrix Ga
Citrix
CVE-2020-8247: Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187
vendor_citrix·2020-09-18·CVSS 8.8
CVE-2020-8247 [HIGH] CWE-269 CVE-2020-8247: Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187
GHSA
GHSA-3fgp-p3x8-6r59: Citrix ADC and Citrix Gateway 13
ghsa_unreviewed·2022-05-24
CVE-2020-8247 [HIGH] GHSA-3fgp-p3x8-6r59: Citrix ADC and Citrix Gateway 13
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.