CVE-2020-8300
published 2021-06-16CVE-2020-8300: Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access…
PriorityP338medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
EPSS
3.01%
85.7th percentile
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | application_delivery_controller_firmware | >= 11.1 < 11.1-65.20 | 11.1-65.20 |
| citrix | application_delivery_controller_firmware | >= 12.1 < 12.1-62.23 | 12.1-62.23 |
| citrix | application_delivery_controller_firmware | >= 12.1 < 12.1-55.238 | 12.1-55.238 |
| citrix | application_delivery_controller_firmware | >= 13.0 < 13.0-82.41 | 13.0-82.41 |
| citrix | citrix_adc | — | — |
| citrix | citrix_application_delivery_controller | — | — |
| citrix | citrix_gateway | — | — |
| citrix | citrix_sd-wan_wanop | — | — |
| citrix | citrix_workspace_app | — | — |
| citrix | gateway | >= 12.1 < 12.1-62.23 | 12.1-62.23 |
| citrix | gateway | >= 13.0 < 13.0-82.41 | 13.0-82.41 |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_adc_gateway | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway | >= 11.1 < 11.1-65.20 | 11.1-65.20 |
| citrix | workspace | — | — |
| citrix | xenserver | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
CVE-2020-8300: Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper acc
vendor_citrix·2021-06-16·CVSS 6.5
CVE-2020-8300 [MEDIUM] CWE-284 CVE-2020-8300: Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper acc
CVE-2020-8300: Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
Citrix
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update
vendor_citrix·2021-06-08·CVSS 6.5
CVE-2020-8299 [MEDIUM] CWE-284 Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update
CWE
CVE References: CVE-2020-8299, CVE-2020-8300
Affected Products: Citrix ADC, Citrix Application Delivery Controller, Citrix Gateway, Citrix SD-WAN WANOP, Citrix Workspace App, NetScaler ADC, NetScaler Gateway, Workspace, XenServer
Severity: High
Red Hat
consul: HTTP/RPC Services Allow Unbounded Resource Usage
vendor_redhat·2020-01-28·CVSS 7.5
CVE-2020-7219 [HIGH] CWE-400 consul: HTTP/RPC Services Allow Unbounded Resource Usage
consul: HTTP/RPC Services Allow Unbounded Resource Usage
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.
An unbound resource consumption vulnerability was found in the API of consul. A remote attacker with a connection to the consul agent servers could abuse this flaw to cause a denial of service (DoS) by repeatedly sending TLS connect attempts over HTTP or RPC, possibly causing an application crash.
Mitigation: Enforce network connection limits on Consul server agents by using the following iptables rule:
iptables -A INPUT -p tcp --syn --dport 8300 -m connlimit --connlimit-above 100 -j REJECT --reject-with tcp-reset.
Package: servicemesh (OpenShift Service
GHSA
GHSA-pq9q-4fcv-7rvj: Citrix ADC and Citrix/NetScaler Gateway before 13
ghsa_unreviewed·2022-05-24
CVE-2020-8300 [MEDIUM] CWE-269 GHSA-pq9q-4fcv-7rvj: Citrix ADC and Citrix/NetScaler Gateway before 13
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
No detection rules found.
No public exploits indexed.
Recorded Future
Additional Entities Targeted by DarkSide Affiliate, TAG-21; Links to WellMess and Sliver Infrastructure
blogs_recorded_future
Additional Entities Targeted by DarkSide Affiliate, TAG-21; Links to WellMess and Sliver Infrastructure
## Additional Entities Targeted by DarkSide Affiliate, TAG-21; Links to WellMess and Sliver Infrastructure
## Executive Summary
In mid-May 2021, Insikt Group reported that a further 11 organizations were likely targeted by the same DarkSide affiliate that had compromised Colonial Pipeline. Substantial network communications matching a Recorded Future heuristic behavioral signature were observed on April 27 from 9 of these organizations to a Cobalt Strike command and control (C2) server (176.123.2[.]216) that was used in the operation to target Colonial Pipeline. Insikt Group tracks this ransomware-as-a-service (RaaS) affiliate and its activities internally as TAG-21.
In the two weeks after these organizations were first targeted, 5 of those 9 organizations were also communicating with s
Recorded Future
Additional Entities Targeted by DarkSide Affiliate, TAG-21; Links to WellMess and Sliver Infrastructure
blogs_recorded_future
Additional Entities Targeted by DarkSide Affiliate, TAG-21; Links to WellMess and Sliver Infrastructure
# Additional Entities Targeted by DarkSide Affiliate, TAG-21; Links to WellMess and Sliver Infrastructure
### Executive Summary
In mid-May 2021, Insikt Group reported that a further 11 organizations were likely targeted by the same DarkSide affiliate that had compromised Colonial Pipeline. Substantial network communications matching a Recorded Future heuristic behavioral signature were observed on April 27 from 9 of these organizations to a Cobalt Strike command and control (C2) server (176.123.2[.]216) that was used in the operation to target Colonial Pipeline. Insikt Group tracks this ransomware-as-a-service (RaaS) affiliate and its activities internally as TAG-21.
In the two weeks after these organizations were first targeted, 5 of those 9 organizations were also communicating with s
Bugzilla
CVE-2020-7219 consul: HTTP/RPC Services Allow Unbounded Resource Usage
bugzilla·2020-02-21·CVSS 7.5
CVE-2020-7219 [HIGH] CVE-2020-7219 consul: HTTP/RPC Services Allow Unbounded Resource Usage
CVE-2020-7219 consul: HTTP/RPC Services Allow Unbounded Resource Usage
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.
Upstream issue:
https://github.com/hashicorp/consul/issues/7159
Discussion:
Created consul tracking bugs for this issue:
Affects: epel-6 [bug 1805868]
Affects: fedora-30 [bug 1805867]
---
External References:
https://github.com/hashicorp/consul/issues/7159
---
Mitigation:
Enforce network connection limits on Consul server agents by using the following iptables rule:
iptables -A INPUT -p tcp --syn --dport 8300 -m connlimit --connlimit-above 100 -j REJECT --reject-with tcp-reset.
---
Working with Kevin, whilst the go.mod file is incl
2021-06-16
Published