CVE-2020-8257Improper Privilege Management in Citrix Gateway Plug-in

CWE-269Improper Privilege Management4 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 37.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Citrix Gateway Plug-inCitrix ADMCitrix Hypervisor+5 more
Timeline
PublishedDec 14
Latest updateMay 24

Description

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

NVDcitrix/gateway_plug-in12.012.1-58.15+1

🔴Vulnerability Details

1
GHSA
GHSA-gjfx-fqhh-mx8f: Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 132022-05-24

📋Vendor Advisories

2
Citrix
CVE-2020-8257: Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to2020-12-14
Citrix
Citrix Security Bulletin CTX282684