cvelistv5 - CVE-2020-8247

CVE-2020-8247 (GCVE-0-2020-8247)

Vulnerability from cvelistv5 – Published: 2020-09-18 20:12 – Updated: 2024-08-04 09:56

Summary

Severity ?

No CVSS data available.

CWE

CWE-269 - Improper Privilege Management (CWE-269)

Assigner

hackerone

References

URL

Tags

https://support.citrix.com/article/CTX281474

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP	Affected: Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:28.043Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX281474"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Improper Privilege Management (CWE-269)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-18T20:12:32",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.citrix.com/article/CTX281474"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8247",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Privilege Management (CWE-269)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX281474",
              "refsource": "MISC",
              "url": "https://support.citrix.com/article/CTX281474"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8247",
    "datePublished": "2020-09-18T20:12:32",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:28.043Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.1\", \"versionEndExcluding\": \"11.1-65.12\", \"matchCriteriaId\": \"AD2A238E-72C4-4D74-B902-2EE8E602AAC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-58.15\", \"matchCriteriaId\": \"1C991579-B6B8-4F07-9AF9-739452F1F5AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.0-64.35\", \"matchCriteriaId\": \"ED09F4AE-DCC6-4C7D-BFA1-D22E16893C97\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E69E10-6F40-4FE4-9D84-F6C25EAB79D8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.1\", \"versionEndExcluding\": \"11.1-65.12\", \"matchCriteriaId\": \"2F98105E-37A4-46F4-BA82-A8E95372A370\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.0-64.35\", \"matchCriteriaId\": \"178C6CA9-0068-4225-A209-E13A880ED188\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-58.15\", \"matchCriteriaId\": \"CFAC08D1-1FE8-4910-9D50-F167537C7C91\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.2\", \"versionEndExcluding\": \"10.2.7b\", \"matchCriteriaId\": \"D76AEFBD-225E-45D3-B604-CAF0032BA861\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndExcluding\": \"11.0.3f\", \"matchCriteriaId\": \"7296BF8E-186C-4279-AF08-C3D1282322F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.1\", \"versionEndExcluding\": \"11.1.2a\", \"matchCriteriaId\": \"92806100-D243-43CC-ACA7-DF9E95E2740D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2\", \"versionEndExcluding\": \"11.2.1a\", \"matchCriteriaId\": \"4FB67ED6-6586-4280-A521-E1EDA81C68BE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:sd-wan_wanop:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10F0ACFD-9D48-43F6-A45C-D5F0313BB952\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.\"}, {\"lang\": \"es\", \"value\": \"Citrix ADC y Citrix Gateway versiones 13.0 anteriores a 13.0-64.35, Citrix ADC y NetScaler Gateway versiones 12.1 anteriores a 12.1-58.15, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.187, Citrix ADC y NetScaler Gateway versi\\u00f3n 12.0, Citrix ADC y NetScaler Gateway versiones 11.1 anteriores a 11.1-65.12, Citrix SD-WAN WANOP versiones 11.2 anteriores a 11.2.1a, Citrix SD-WAN WANOP versiones 11.1 anteriores a 11.1.2a, Citrix SD-WAN WANOP versiones 11.0 anteriores a 11.0.3f, Citrix SD-WAN WANOP versiones 10.2 anteriores a 10.2.7b, son vulnerables a una escalada de privilegios en la interfaz de administraci\\u00f3n\"}]",
      "id": "CVE-2020-8247",
      "lastModified": "2024-11-21T05:38:35.100",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-09-18T21:15:13.327",
      "references": "[{\"url\": \"https://support.citrix.com/article/CTX281474\", \"source\": \"support@hackerone.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.citrix.com/article/CTX281474\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-8247\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2020-09-18T21:15:13.327\",\"lastModified\":\"2024-11-21T05:38:35.100\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.\"},{\"lang\":\"es\",\"value\":\"Citrix ADC y Citrix Gateway versiones 13.0 anteriores a 13.0-64.35, Citrix ADC y NetScaler Gateway versiones 12.1 anteriores a 12.1-58.15, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.187, Citrix ADC y NetScaler Gateway versi\u00f3n 12.0, Citrix ADC y NetScaler Gateway versiones 11.1 anteriores a 11.1-65.12, Citrix SD-WAN WANOP versiones 11.2 anteriores a 11.2.1a, Citrix SD-WAN WANOP versiones 11.1 anteriores a 11.1.2a, Citrix SD-WAN WANOP versiones 11.0 anteriores a 11.0.3f, Citrix SD-WAN WANOP versiones 10.2 anteriores a 10.2.7b, son vulnerables a una escalada de privilegios en la interfaz de administraci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1\",\"versionEndExcluding\":\"11.1-65.12\",\"matchCriteriaId\":\"AD2A238E-72C4-4D74-B902-2EE8E602AAC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-58.15\",\"matchCriteriaId\":\"1C991579-B6B8-4F07-9AF9-739452F1F5AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-64.35\",\"matchCriteriaId\":\"ED09F4AE-DCC6-4C7D-BFA1-D22E16893C97\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E69E10-6F40-4FE4-9D84-F6C25EAB79D8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1\",\"versionEndExcluding\":\"11.1-65.12\",\"matchCriteriaId\":\"2F98105E-37A4-46F4-BA82-A8E95372A370\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-64.35\",\"matchCriteriaId\":\"178C6CA9-0068-4225-A209-E13A880ED188\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-58.15\",\"matchCriteriaId\":\"CFAC08D1-1FE8-4910-9D50-F167537C7C91\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.2\",\"versionEndExcluding\":\"10.2.7b\",\"matchCriteriaId\":\"D76AEFBD-225E-45D3-B604-CAF0032BA861\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.0.3f\",\"matchCriteriaId\":\"7296BF8E-186C-4279-AF08-C3D1282322F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1\",\"versionEndExcluding\":\"11.1.2a\",\"matchCriteriaId\":\"92806100-D243-43CC-ACA7-DF9E95E2740D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2\",\"versionEndExcluding\":\"11.2.1a\",\"matchCriteriaId\":\"4FB67ED6-6586-4280-A521-E1EDA81C68BE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:sd-wan_wanop:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F0ACFD-9D48-43F6-A45C-D5F0313BB952\"}]}]}],\"references\":[{\"url\":\"https://support.citrix.com/article/CTX281474\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.citrix.com/article/CTX281474\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-581

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Citrix ADC, Citrix Gateway et Citrix SD-WAN WANOP. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une injection de code indirecte à distance (XSS).

Les possibilités d'exploitation des CVE-2020-8246 et CVE-2020-8247 peuvent être réduites si l'interface de management n'est accessible que depuis un réseau d'administration sécurisé et cloisonné. Le CERT-FR rappelle à ce titre, que des recommandations sont disponibles sur le site de l'ANSSI [1].

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur annonce que les versions corrigeant ces vulnérabilités (cf. systèmes affectés) sont également dotées de fonctionnalités contre l'insertion de requêtes HTTP clandestines (HTTP request smuggling).

Citrix ADC et Citrix Gateway 13.0 versions antérieures à 13.0-64.35
Citrix ADC et NetScaler Gateway 12.1 versions antérieures à 12.1-58.15
Citrix ADC 12.1 versions antérieures à 12.1-FIPS 12.1-55.187
Citrix ADC et NetScaler Gateway 11.x versions antérieures à 11.1-65.12
Citrix SD-WAN WANOP 11.2.x versions antérieures à 11.2.1a
Citrix SD-WAN WANOP 11.1.x versions antérieures à 11.1.2a
Citrix SD-WAN WANOP 11.0.x versions antérieures à 11.0.3f
Citrix SD-WAN WANOP 10.x versions antérieures à 10.2.7b

L'éditeur rappelle que les versions Citrix ADC et Citrix Gateway 12.0 ne sont plus maintenues et sont vulnérables.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX281474 du 18 septembre 2020	None	vendor-advisory
[1] Recommandations pour l'administration sécurisée des SI	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eCitrix ADC et Citrix Gateway 13.0 versions ant\u00e9rieures \u00e0 13.0-64.35\u003c/li\u003e \u003cli\u003eCitrix ADC et NetScaler Gateway 12.1 versions ant\u00e9rieures \u00e0 12.1-58.15\u003c/li\u003e \u003cli\u003eCitrix ADC 12.1 versions ant\u00e9rieures \u00e0 12.1-FIPS 12.1-55.187\u003c/li\u003e \u003cli\u003eCitrix ADC et NetScaler Gateway 11.x versions ant\u00e9rieures \u00e0 11.1-65.12\u003c/li\u003e \u003cli\u003eCitrix SD-WAN WANOP 11.2.x versions ant\u00e9rieures \u00e0 11.2.1a\u003c/li\u003e \u003cli\u003eCitrix SD-WAN WANOP 11.1.x versions ant\u00e9rieures \u00e0 11.1.2a\u003c/li\u003e \u003cli\u003eCitrix SD-WAN WANOP 11.0.x versions ant\u00e9rieures \u00e0 11.0.3f\u003c/li\u003e \u003cli\u003eCitrix SD-WAN WANOP 10.x versions ant\u00e9rieures \u00e0 10.2.7b\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur rappelle que les versions Citrix ADC et Citrix Gateway 12.0 ne sont plus maintenues et sont vuln\u00e9rables.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nL\u0027\u00e9diteur annonce que les versions corrigeant ces vuln\u00e9rabilit\u00e9s (cf.\nsyst\u00e8mes affect\u00e9s) sont \u00e9galement dot\u00e9es de fonctionnalit\u00e9s contre\nl\u0027insertion de requ\u00eates HTTP clandestines (*HTTP request smuggling*).\n",
  "cves": [
    {
      "name": "CVE-2020-8245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8245"
    },
    {
      "name": "CVE-2020-8246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8246"
    },
    {
      "name": "CVE-2020-8247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8247"
    }
  ],
  "links": [
    {
      "title": "[1] Recommandations pour l\u0027administration s\u00e9curis\u00e9e des SI",
      "url": "https://www.ssi.gouv.fr/administration/guide/securiser-ladministration-des-systemes-dinformation/"
    }
  ],
  "reference": "CERTFR-2020-AVI-581",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-09-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Citrix\nADC, Citrix Gateway et Citrix SD-WAN WANOP. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation\nde privil\u00e8ges et une injection de code indirecte \u00e0 distance (XSS).\n\nLes possibilit\u00e9s d\u0027exploitation des CVE-2020-8246 et CVE-2020-8247\npeuvent \u00eatre r\u00e9duites si l\u0027interface de management n\u0027est accessible que\ndepuis un r\u00e9seau d\u0027administration s\u00e9curis\u00e9 et cloisonn\u00e9. Le CERT-FR\nrappelle \u00e0 ce titre, que des recommandations sont disponibles sur le\nsite de l\u0027ANSSI \\[1\\].\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX281474 du 18 septembre 2020",
      "url": "https://support.citrix.com/article/CTX281474"
    }
  ]
}

CERTFR-2020-AVI-581

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Citrix ADC et Citrix Gateway 13.0 versions antérieures à 13.0-64.35
Citrix ADC et NetScaler Gateway 12.1 versions antérieures à 12.1-58.15
Citrix ADC 12.1 versions antérieures à 12.1-FIPS 12.1-55.187
Citrix ADC et NetScaler Gateway 11.x versions antérieures à 11.1-65.12
Citrix SD-WAN WANOP 11.2.x versions antérieures à 11.2.1a
Citrix SD-WAN WANOP 11.1.x versions antérieures à 11.1.2a
Citrix SD-WAN WANOP 11.0.x versions antérieures à 11.0.3f
Citrix SD-WAN WANOP 10.x versions antérieures à 10.2.7b

L'éditeur rappelle que les versions Citrix ADC et Citrix Gateway 12.0 ne sont plus maintenues et sont vulnérables.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX281474 du 18 septembre 2020	None	vendor-advisory
[1] Recommandations pour l'administration sécurisée des SI	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eCitrix ADC et Citrix Gateway 13.0 versions ant\u00e9rieures \u00e0 13.0-64.35\u003c/li\u003e \u003cli\u003eCitrix ADC et NetScaler Gateway 12.1 versions ant\u00e9rieures \u00e0 12.1-58.15\u003c/li\u003e \u003cli\u003eCitrix ADC 12.1 versions ant\u00e9rieures \u00e0 12.1-FIPS 12.1-55.187\u003c/li\u003e \u003cli\u003eCitrix ADC et NetScaler Gateway 11.x versions ant\u00e9rieures \u00e0 11.1-65.12\u003c/li\u003e \u003cli\u003eCitrix SD-WAN WANOP 11.2.x versions ant\u00e9rieures \u00e0 11.2.1a\u003c/li\u003e \u003cli\u003eCitrix SD-WAN WANOP 11.1.x versions ant\u00e9rieures \u00e0 11.1.2a\u003c/li\u003e \u003cli\u003eCitrix SD-WAN WANOP 11.0.x versions ant\u00e9rieures \u00e0 11.0.3f\u003c/li\u003e \u003cli\u003eCitrix SD-WAN WANOP 10.x versions ant\u00e9rieures \u00e0 10.2.7b\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur rappelle que les versions Citrix ADC et Citrix Gateway 12.0 ne sont plus maintenues et sont vuln\u00e9rables.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nL\u0027\u00e9diteur annonce que les versions corrigeant ces vuln\u00e9rabilit\u00e9s (cf.\nsyst\u00e8mes affect\u00e9s) sont \u00e9galement dot\u00e9es de fonctionnalit\u00e9s contre\nl\u0027insertion de requ\u00eates HTTP clandestines (*HTTP request smuggling*).\n",
  "cves": [
    {
      "name": "CVE-2020-8245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8245"
    },
    {
      "name": "CVE-2020-8246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8246"
    },
    {
      "name": "CVE-2020-8247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8247"
    }
  ],
  "links": [
    {
      "title": "[1] Recommandations pour l\u0027administration s\u00e9curis\u00e9e des SI",
      "url": "https://www.ssi.gouv.fr/administration/guide/securiser-ladministration-des-systemes-dinformation/"
    }
  ],
  "reference": "CERTFR-2020-AVI-581",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-09-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Citrix\nADC, Citrix Gateway et Citrix SD-WAN WANOP. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation\nde privil\u00e8ges et une injection de code indirecte \u00e0 distance (XSS).\n\nLes possibilit\u00e9s d\u0027exploitation des CVE-2020-8246 et CVE-2020-8247\npeuvent \u00eatre r\u00e9duites si l\u0027interface de management n\u0027est accessible que\ndepuis un r\u00e9seau d\u0027administration s\u00e9curis\u00e9 et cloisonn\u00e9. Le CERT-FR\nrappelle \u00e0 ce titre, que des recommandations sont disponibles sur le\nsite de l\u0027ANSSI \\[1\\].\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX281474 du 18 septembre 2020",
      "url": "https://support.citrix.com/article/CTX281474"
    }
  ]
}

GSD-2020-8247

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-8247

Aliases

CVE-2020-8247

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-8247",
    "description": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.",
    "id": "GSD-2020-8247"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-8247"
      ],
      "details": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.",
      "id": "GSD-2020-8247",
      "modified": "2023-12-13T01:21:54.208977Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2020-8247",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Privilege Management (CWE-269)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.citrix.com/article/CTX281474",
            "refsource": "MISC",
            "url": "https://support.citrix.com/article/CTX281474"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.1-65.12",
                    "versionStartIncluding": "11.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.1-58.15",
                    "versionStartIncluding": "12.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "13.0-64.35",
                    "versionStartIncluding": "13.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.1-65.12",
                "versionStartIncluding": "11.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0-64.35",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-58.15",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.2.7b",
                    "versionStartIncluding": "10.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.0.3f",
                    "versionStartIncluding": "11.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.1.2a",
                    "versionStartIncluding": "11.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.2.1a",
                    "versionStartIncluding": "11.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:citrix:sd-wan_wanop:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2020-8247"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX281474",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.citrix.com/article/CTX281474"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-10-07T15:45Z",
      "publishedDate": "2020-09-18T21:15Z"
    }
  }
}

FKIE_CVE-2020-8247

Vulnerability from fkie_nvd - Published: 2020-09-18 21:15 - Updated: 2024-11-21 05:38

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	support@hackerone.com	https://support.citrix.com/article/CTX281474	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX281474	Vendor Advisory

Impacted products

Vendor	Product	Version
citrix	application_delivery_controller_firmware	*
citrix	application_delivery_controller_firmware	*
citrix	application_delivery_controller_firmware	*
citrix	application_delivery_controller	-
citrix	gateway	*
citrix	gateway	*
citrix	netscaler_gateway	*
citrix	sd-wan_wanop	*
citrix	sd-wan_wanop	*
citrix	sd-wan_wanop	*
citrix	sd-wan_wanop	*
citrix	sd-wan_wanop	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD2A238E-72C4-4D74-B902-2EE8E602AAC1",
              "versionEndExcluding": "11.1-65.12",
              "versionStartIncluding": "11.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C991579-B6B8-4F07-9AF9-739452F1F5AA",
              "versionEndExcluding": "12.1-58.15",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED09F4AE-DCC6-4C7D-BFA1-D22E16893C97",
              "versionEndExcluding": "13.0-64.35",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F98105E-37A4-46F4-BA82-A8E95372A370",
              "versionEndExcluding": "11.1-65.12",
              "versionStartIncluding": "11.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "178C6CA9-0068-4225-A209-E13A880ED188",
              "versionEndExcluding": "13.0-64.35",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFAC08D1-1FE8-4910-9D50-F167537C7C91",
              "versionEndExcluding": "12.1-58.15",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D76AEFBD-225E-45D3-B604-CAF0032BA861",
              "versionEndExcluding": "10.2.7b",
              "versionStartIncluding": "10.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7296BF8E-186C-4279-AF08-C3D1282322F0",
              "versionEndExcluding": "11.0.3f",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92806100-D243-43CC-ACA7-DF9E95E2740D",
              "versionEndExcluding": "11.1.2a",
              "versionStartIncluding": "11.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB67ED6-6586-4280-A521-E1EDA81C68BE",
              "versionEndExcluding": "11.2.1a",
              "versionStartIncluding": "11.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:citrix:sd-wan_wanop:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F0ACFD-9D48-43F6-A45C-D5F0313BB952",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface."
    },
    {
      "lang": "es",
      "value": "Citrix ADC y Citrix Gateway versiones 13.0 anteriores a 13.0-64.35, Citrix ADC y NetScaler Gateway versiones 12.1 anteriores a 12.1-58.15, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.187, Citrix ADC y NetScaler Gateway versi\u00f3n 12.0, Citrix ADC y NetScaler Gateway versiones 11.1 anteriores a 11.1-65.12, Citrix SD-WAN WANOP versiones 11.2 anteriores a 11.2.1a, Citrix SD-WAN WANOP versiones 11.1 anteriores a 11.1.2a, Citrix SD-WAN WANOP versiones 11.0 anteriores a 11.0.3f, Citrix SD-WAN WANOP versiones 10.2 anteriores a 10.2.7b, son vulnerables a una escalada de privilegios en la interfaz de administraci\u00f3n"
    }
  ],
  "id": "CVE-2020-8247",
  "lastModified": "2024-11-21T05:38:35.100",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-18T21:15:13.327",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX281474"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX281474"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202009-1270

Vulnerability from variot - Updated: 2023-12-18 11:58

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface. plural Citrix The product contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Citrix Application Delivery Controller is an application delivery controller. The product has features such as application delivery control and load balancing. Several Citrix Systems products contain security vulnerabilities that could allow attackers to escalate privileges on the management interface

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202009-1270",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "sd-wan wanop",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.1.2a"
      },
      {
        "model": "sd-wan wanop",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.0.3f"
      },
      {
        "model": "sd-wan wanop",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "10.2"
      },
      {
        "model": "gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0-64.35"
      },
      {
        "model": "sd-wan wanop",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.1-65.12"
      },
      {
        "model": "sd-wan wanop",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.2"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1-58.15"
      },
      {
        "model": "application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0-64.35"
      },
      {
        "model": "gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1"
      },
      {
        "model": "sd-wan wanop",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "10.2.7b"
      },
      {
        "model": "application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.1-65.12"
      },
      {
        "model": "application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1-58.15"
      },
      {
        "model": "gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1"
      },
      {
        "model": "application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0"
      },
      {
        "model": "sd-wan wanop",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "sd-wan wanop",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.2.1a"
      },
      {
        "model": "citrix application delivery controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30c8\u30ea\u30c3\u30af\u30b9 \u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "citrix gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30c8\u30ea\u30c3\u30af\u30b9 \u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "netscaler gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30c8\u30ea\u30c3\u30af\u30b9 \u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "citrix sdwan wan-op",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30c8\u30ea\u30c3\u30af\u30b9 \u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011868"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8247"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.1-65.12",
                    "versionStartIncluding": "11.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.1-58.15",
                    "versionStartIncluding": "12.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "13.0-64.35",
                    "versionStartIncluding": "13.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.1-65.12",
                "versionStartIncluding": "11.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0-64.35",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-58.15",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.2.7b",
                    "versionStartIncluding": "10.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.0.3f",
                    "versionStartIncluding": "11.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.1.2a",
                    "versionStartIncluding": "11.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.2.1a",
                    "versionStartIncluding": "11.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:citrix:sd-wan_wanop:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-8247"
      }
    ]
  },
  "cve": "CVE-2020-8247",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-8247",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-186372",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-8247",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-8247",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202009-1056",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-186372",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011868"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8247"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1056"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface. plural Citrix The product contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Citrix Application Delivery Controller is an application delivery controller. The product has features such as application delivery control and load balancing. Several Citrix Systems products contain security vulnerabilities that could allow attackers to escalate privileges on the management interface",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-8247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011868"
      },
      {
        "db": "VULHUB",
        "id": "VHN-186372"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-8247",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011868",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1056",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3198",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-186372",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011868"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8247"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1056"
      }
    ]
  },
  "id": "VAR-202009-1270",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186372"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:58:00.046000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CTX281474",
        "trust": 0.8,
        "url": "https://support.citrix.com/article/ctx281474"
      },
      {
        "title": "Citrix Systems Various product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=128763"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011868"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1056"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.1
      },
      {
        "problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011868"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8247"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.citrix.com/article/ctx281474"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8247"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3198/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011868"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8247"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1056"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-186372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011868"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8247"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1056"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186372"
      },
      {
        "date": "2021-04-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-011868"
      },
      {
        "date": "2020-09-18T21:15:13.327000",
        "db": "NVD",
        "id": "CVE-2020-8247"
      },
      {
        "date": "2020-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202009-1056"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186372"
      },
      {
        "date": "2021-04-19T02:17:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-011868"
      },
      {
        "date": "2020-10-07T15:45:26.680000",
        "db": "NVD",
        "id": "CVE-2020-8247"
      },
      {
        "date": "2020-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202009-1056"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1056"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0Citrix\u00a0 Product permission management vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011868"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1056"
      }
    ],
    "trust": 0.6
  }
}

GHSA-3FGP-P3X8-6R59

Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-8247"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-18T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.",
  "id": "GHSA-3fgp-p3x8-6r59",
  "modified": "2022-05-24T17:29:12Z",
  "published": "2022-05-24T17:29:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8247"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX281474"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-8247 (GCVE-0-2020-8247)

CERTFR-2020-AVI-581

Solution

CERTFR-2020-AVI-581

Solution

GSD-2020-8247

FKIE_CVE-2020-8247

VAR-202009-1270

GHSA-3FGP-P3X8-6R59

Tags

Sightings

Nomenclature