CVE-2020-8193

CVSS 6.5 MEDIUM | EPSS 88.4% | KEV | CWE-284

In short

Citrix ADC, Gateway, and SDWAN WAN-OP versions earlier than the fixed releases allow unauthenticated users to reach certain URL endpoints that should require authentication. This could let attackers view or interact with protected resources without logging in.

Technical detail

Improper access control (CWE-284) in multiple Citrix products enables unauthenticated access to specific URL endpoints due to missing or insufficient authentication checks. An unauthenticated attacker can directly access these endpoints over the network, potentially exposing sensitive information or administrative functions without valid credentials.

Summary generated and translated by AI from the official description.
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N