CVE-2020-8299
published 2021-06-16CVE-2020-8299: Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP…
PriorityP428medium6.5CVSS 3.1
AVAACLPRNUINSUCNINAH
EPSS
0.42%
33.6th percentile
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | application_delivery_controller_firmware | >= 11.1 < 11.1-65.20 | 11.1-65.20 |
| citrix | application_delivery_controller_firmware | >= 12.1 < 12.1-61.18 | 12.1-61.18 |
| citrix | application_delivery_controller_firmware | >= 12.1 < 12.1-55.238 | 12.1-55.238 |
| citrix | application_delivery_controller_firmware | >= 13.0 < 13.0-76.29 | 13.0-76.29 |
| citrix | citrix_adc | — | — |
| citrix | citrix_application_delivery_controller | — | — |
| citrix | citrix_gateway | — | — |
| citrix | citrix_sd-wan_wanop | — | — |
| citrix | citrix_workspace_app | — | — |
| citrix | gateway | >= 12.1 < 12.1-61.18 | 12.1-61.18 |
| citrix | gateway | >= 13.0 < 13.0-76.29 | 13.0-76.29 |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_adc_gateway | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway | >= 11.1 < 11.1-65.20 | 11.1-65.20 |
| citrix | sd-wan | — | — |
| citrix | sd-wan_wanop | >= 10.2 < 10.2.9a | 10.2.9a |
| citrix | sd-wan_wanop | >= 11.1 < 11.1.2c | 11.1.2c |
| citrix | sd-wan_wanop | >= 11.2 < 11.2.3a | 11.2.3a |
| citrix | sd-wan_wanop | >= 11.3 < 11.3.2 | 11.3.2 |
| citrix | workspace | — | — |
| citrix | xenserver | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.03.3LOWAV:A/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
CVE-2020-8299: Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WAN
vendor_citrix·2021-06-16·CVSS 6.5
CVE-2020-8299 [MEDIUM] CWE-400 CVE-2020-8299: Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WAN
CVE-2020-8299: Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.
Citrix
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update
vendor_citrix·2021-06-08·CVSS 6.5
CVE-2020-8299 [MEDIUM] CWE-284 Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update
CWE
CVE References: CVE-2020-8299, CVE-2020-8300
Affected Products: Citrix ADC, Citrix Application Delivery Controller, Citrix Gateway, Citrix SD-WAN WANOP, Citrix Workspace App, NetScaler ADC, NetScaler Gateway, Workspace, XenServer
Severity: High
GHSA
GHSA-xvx2-hw78-h573: Citrix ADC and Citrix/NetScaler Gateway 13
ghsa_unreviewed·2022-05-24
CVE-2020-8299 [MEDIUM] CWE-400 GHSA-xvx2-hw78-h573: Citrix ADC and Citrix/NetScaler Gateway 13
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-06-16
Published