CVE-2020-8299
published 2021-06-16

CVE-2020-8299: Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP…

Priority P428, medium, 6.5 (CVSS 3.1)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.42% (33.6th percentile)
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffer from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.

Affected

22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | application_delivery_controller_firmware | >= 11.1 < 11.1-65.20 | 11.1-65.20 |
| citrix | application_delivery_controller_firmware | >= 12.1 < 12.1-61.18 | 12.1-61.18 |
| citrix | application_delivery_controller_firmware | >= 12.1 < 12.1-55.238 | 12.1-55.238 |
| citrix | application_delivery_controller_firmware | >= 13.0 < 13.0-76.29 | 13.0-76.29 |
| citrix | citrix_adc | | |
| citrix | citrix_application_delivery_controller | | |
| citrix | citrix_gateway | | |
| citrix | citrix_sd-wan_wanop | | |
| citrix | citrix_workspace_app | | |
| citrix | gateway | >= 12.1 < 12.1-61.18 | 12.1-61.18 |
| citrix | gateway | >= 13.0 < 13.0-76.29 | 13.0-76.29 |
| citrix | netscaler_adc | | |
| citrix | netscaler_adc_gateway | | |
| citrix | netscaler_gateway | | |
| citrix | netscaler_gateway | >= 11.1 < 11.1-65.20 | 11.1-65.20 |
| citrix | sd-wan | | |
| citrix | sd-wan_wanop | >= 10.2 < 10.2.9a | 10.2.9a |
| citrix | sd-wan_wanop | >= 11.1 < 11.1.2c | 11.1.2c |
| citrix | sd-wan_wanop | >= 11.2 < 11.2.3a | 11.2.3a |
| citrix | sd-wan_wanop | >= 11.3 < 11.3.2 | 11.3.2 |
| citrix | workspace | | |
| citrix | xenserver | | |

CVSS provenance

nvd, v3.1: 6.5 MEDIUM, CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd, v2.0: 3.3 LOW, AV:A/AC:L/Au:N/C:N/I:N/A:P