CVE-2020-8273OS Command Injection in Citrix Sd-wan

CWE-78OS Command InjectionCWE-23Relative Path TraversalCWE-287Improper Authentication4 documents3 sources
Severity
8.8HIGHNVD
EPSS
1.6%
top 18.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Citrix Sd-wanCitrix Sd-wanCitrix Xenserver
Timeline
PublishedNov 16
Latest updateMay 24

Description

Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

NVDcitrix/sd-wan10.2.010.2.8+2
citrixcitrix/sd-wan

🔴Vulnerability Details

1
GHSA
GHSA-2qc4-grg3-rm6f: Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 112022-05-24

📋Vendor Advisories

2
Citrix
CVE-2020-8273: Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.2020-11-16
Citrix
Citrix SDWAN Center Security Update