CVE-2020-8195


CVSS 6.5 MEDIUM | EPSS 33.3% | KEV | CWE-20
Vexday Risk Score: 75 (High priority)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 6.5 | EPSS 33.3% | KEV: yes | Public PoC | Nuclei | Metasploit | Patch
Lifecycle
10 Jul 2020: Published on NVD
03 Nov 2021: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

Affected versions of Citrix ADC and Gateway failed to properly validate user input, allowing low-privilege users to access sensitive information they should not be able to see. This is a relatively small security gap that could leak data to unauthorized users.

Technical detail

Improper input validation in Citrix ADC, Gateway, and SDWAN WAN-OP allows authenticated low-privilege users to bypass access controls and disclose limited information. The vulnerability requires prior authentication and affects specific versions before the stated patch releases; the attack vector is network-based through malformed input.

Summary generated and translated by AI from the official description.
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N