CVE-2020-8273
published 2020-11-16CVE-2020-8273: Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
PriorityP352high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
2.41%
82.0th percentile
Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_sd-wan | — | — |
| citrix | sd-wan | — | — |
| citrix | sd-wan | >= 10.2.0 < 10.2.8 | 10.2.8 |
| citrix | sd-wan | >= 11.1.0 < 11.1.2b | 11.1.2b |
| citrix | sd-wan | >= 11.2.0 < 11.2.2 | 11.2.2 |
| citrix | xenserver | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
CVE-2020-8273: Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
vendor_citrix·2020-11-16·CVSS 8.8
CVE-2020-8273 [HIGH] CWE-78 CVE-2020-8273: Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
CVE-2020-8273: Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
Citrix
Citrix SDWAN Center Security Update
vendor_citrix·CVSS 9.8
CVE-2020-8271 [CRITICAL] CWE-23 Citrix SDWAN Center Security Update
Citrix SDWAN Center Security Update
of Problem Multiple vulnerabilities have been discovered in Citrix SD-WAN Center that, if exploited, could allow an unauthenticated attacker with network access to SD-WAN Center to perform arbitrary code execution as root. These vulnerabilities have the following identifiers: CVE Description Vulnerability Type Pre-conditions CVE-2020-8271 Unauthenticated remote code execution with root privileges CWE-23: Path Traversal An attacker must be able to communicate with SD-WAN Center's Management IP/FQDN CVE-2020-8272 Authentication Bypass resulting in exposure of SD-WAN functionality CWE-287: Improper Authentication An attacker must be able to communicate with SD-WAN Center's Management IP/FQDN CVE-2020-8273 Privilege escalation of an authenticated user to ro
GHSA
GHSA-2qc4-grg3-rm6f: Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11
ghsa_unreviewed·2022-05-24
CVE-2020-8273 [HIGH] CWE-78 GHSA-2qc4-grg3-rm6f: Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11
Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-11-16
Published