CVE-2020-8272
published 2020-11-16CVE-2020-8272: Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
PriorityP344high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
EPSS
1.45%
70.1th percentile
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_sd-wan | — | — |
| citrix | sd-wan | — | — |
| citrix | sd-wan | >= 10.2.0 < 10.2.8 | 10.2.8 |
| citrix | sd-wan | >= 11.1.0 < 11.1.2b | 11.1.2b |
| citrix | sd-wan | >= 11.2.0 < 11.2.2 | 11.2.2 |
| citrix | xenserver | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
CVE-2020-8272: Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
vendor_citrix·2020-11-16·CVSS 7.5
CVE-2020-8272 [HIGH] CWE-287 CVE-2020-8272: Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
CVE-2020-8272: Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
Citrix
Citrix SDWAN Center Security Update
vendor_citrix·CVSS 9.8
CVE-2020-8271 [CRITICAL] CWE-23 Citrix SDWAN Center Security Update
Citrix SDWAN Center Security Update
of Problem Multiple vulnerabilities have been discovered in Citrix SD-WAN Center that, if exploited, could allow an unauthenticated attacker with network access to SD-WAN Center to perform arbitrary code execution as root. These vulnerabilities have the following identifiers: CVE Description Vulnerability Type Pre-conditions CVE-2020-8271 Unauthenticated remote code execution with root privileges CWE-23: Path Traversal An attacker must be able to communicate with SD-WAN Center's Management IP/FQDN CVE-2020-8272 Authentication Bypass resulting in exposure of SD-WAN functionality CWE-287: Improper Authentication An attacker must be able to communicate with SD-WAN Center's Management IP/FQDN CVE-2020-8273 Privilege escalation of an authenticated user to ro
GHSA
GHSA-gvx7-3jhm-q87j: Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11
ghsa_unreviewed·2022-05-24
CVE-2020-8272 [HIGH] CWE-287 GHSA-gvx7-3jhm-q87j: Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-11-16
Published