CVE-2020-8258Improper Privilege Management in Citrix Gateway Plug-in

CWE-269Improper Privilege Management4 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 55.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Citrix Gateway Plug-inCitrix ADMCitrix Hypervisor+5 more
Timeline
PublishedDec 14
Latest updateMay 24

Description

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages8 packages

NVDcitrix/gateway_plug-in12.012.1-58+1

🔴Vulnerability Details

1
GHSA
GHSA-r269-87mv-8wp9: Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 132022-05-24

📋Vendor Advisories

2
Citrix
CVE-2020-8258: Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows a2020-12-14
Citrix
Citrix Security Bulletin CTX282684