CVE-2020-8299 (GCVE-0-2020-8299)

Vulnerability from cvelistv5 – Published: 2021-06-16 13:08 – Updated: 2024-08-04 09:56
VLAI?
Summary
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.
Severity ?
No CVSS data available.
CWE
  • CWE-400 - Denial of Service (CWE-400)
Assigner
References
Impacted products
Vendor Product Version
n/a Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition Affected: Fixed in Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0, Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1, Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1, Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS, Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4, Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3, Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3, Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2, Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1, Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:28.408Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX297155"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0, Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1, Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1, Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS, Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4, Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3, Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3, Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2, Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1, Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Denial of Service (CWE-400)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-16T13:08:22",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.citrix.com/article/CTX297155"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8299",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0, Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1, Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1, Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS, Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4, Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3, Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3, Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2, Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1, Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (CWE-400)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX297155",
              "refsource": "MISC",
              "url": "https://support.citrix.com/article/CTX297155"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8299",
    "datePublished": "2021-06-16T13:08:22",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:28.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-61.18\", \"matchCriteriaId\": \"871316FC-14DC-41BE-971B-61FBE11D5ABF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.0-76.29\", \"matchCriteriaId\": \"FAA24333-CF47-45C2-81E3-C990095920D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.1\", \"versionEndExcluding\": \"11.1-65.20\", \"matchCriteriaId\": \"D77B2AD2-BAF1-4FD3-B7C5-88AC1B130971\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.1\", \"versionEndExcluding\": \"11.1-65.20\", \"matchCriteriaId\": \"E178AA28-B24F-4565-A314-1E58AAC54648\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-61.18\", \"matchCriteriaId\": \"7AEBA65F-2FEA-45B2-9118-8781258BC28D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.0-76.29\", \"matchCriteriaId\": \"7F78FBC6-84A1-4D99-8D70-BA5AF4B1F2BD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E69E10-6F40-4FE4-9D84-F6C25EAB79D8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-55.238\", \"matchCriteriaId\": \"8BEBCAD2-581F-4217-8425-46C03584E673\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:mpx\\\\/sdx_14030_fips:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCB11BC1-0702-436F-BFE2-14B38B118D99\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:mpx\\\\/sdx_14060_fips:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8569B182-D0A7-414B-B0A3-4DD2FAB44F69\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:mpx\\\\/sdx_14080_fips:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABB9B3E9-EED4-4D74-BE4C-DFAFAB1F0994\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:mpx_15030-50g_fips:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F60729DF-EDC8-4462-ABD2-6E4199F22701\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:mpx_15040-50g_fips:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B789F02A-56CB-4871-9D9D-FAB0F31A72A1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:mpx_15060-50g_fips:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06699186-E7E4-463C-8844-77B2A750B985\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:mpx_15080-50g_fips:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F00DBEBF-29BE-4D6A-BF79-19208AAB0D7F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:mpx_15100-50g_fips:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"848169A6-CAD7-4E14-BC5D-B2E94DC93CCB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:mpx_15120-50g_fips:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C69709C-885A-4F19-899D-A7B5CE7066EF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:mpx_8905_fips:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B2136C1-8AB6-4C70-87F4-1F8A93A876C9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:mpx_8910_fips:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"492323D2-339D-404C-BB9B-E09ABB87FA2B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:mpx_8920_fips:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB83185D-DD6F-47CD-B500-499F9EF65093\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.2\", \"versionEndExcluding\": \"10.2.9a\", \"matchCriteriaId\": \"E2E30C0C-32F2-4257-B946-600E3123A0D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.1\", \"versionEndExcluding\": \"11.1.2c\", \"matchCriteriaId\": \"469E2490-71B8-48FB-A032-08922C75339A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2\", \"versionEndExcluding\": \"11.2.3a\", \"matchCriteriaId\": \"56A52140-F4AE-4616-91E7-FF941EA26343\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.3\", \"versionEndExcluding\": \"11.3.2\", \"matchCriteriaId\": \"974341A5-6B06-4975-9406-CF41AB0E92F6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.\"}, {\"lang\": \"es\", \"value\": \"Citrix ADC y Citrix/NetScaler Gateway versiones 13.0 anteriores a 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.238, y Citrix SD-WAN WANOP Edition versiones anteriores a 11.4.0, 11. 3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a, sufren un consumo no controlado de recursos mediante una denegaci\\u00f3n de servicio basada en la red desde el mismo segmento de red de capa 2. Tome en cuenta que el atacante debe estar en el mismo segmento de red de capa 2 que el dispositivo vulnerable\"}]",
      "id": "CVE-2020-8299",
      "lastModified": "2024-11-21T05:38:41.210",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 3.3, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.5, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-06-16T14:15:08.107",
      "references": "[{\"url\": \"https://support.citrix.com/article/CTX297155\", \"source\": \"support@hackerone.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.citrix.com/article/CTX297155\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-8299\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2021-06-16T14:15:08.107\",\"lastModified\":\"2024-11-21T05:38:41.210\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.\"},{\"lang\":\"es\",\"value\":\"Citrix ADC y Citrix/NetScaler Gateway versiones 13.0 anteriores a 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.238, y Citrix SD-WAN WANOP Edition versiones anteriores a 11.4.0, 11. 3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a, sufren un consumo no controlado de recursos mediante una denegaci\u00f3n de servicio basada en la red desde el mismo segmento de red de capa 2. Tome en cuenta que el atacante debe estar en el mismo segmento de red de capa 2 que el dispositivo vulnerable\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":3.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-61.18\",\"matchCriteriaId\":\"871316FC-14DC-41BE-971B-61FBE11D5ABF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-76.29\",\"matchCriteriaId\":\"FAA24333-CF47-45C2-81E3-C990095920D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1\",\"versionEndExcluding\":\"11.1-65.20\",\"matchCriteriaId\":\"D77B2AD2-BAF1-4FD3-B7C5-88AC1B130971\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1\",\"versionEndExcluding\":\"11.1-65.20\",\"matchCriteriaId\":\"E178AA28-B24F-4565-A314-1E58AAC54648\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-61.18\",\"matchCriteriaId\":\"7AEBA65F-2FEA-45B2-9118-8781258BC28D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-76.29\",\"matchCriteriaId\":\"7F78FBC6-84A1-4D99-8D70-BA5AF4B1F2BD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E69E10-6F40-4FE4-9D84-F6C25EAB79D8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-55.238\",\"matchCriteriaId\":\"8BEBCAD2-581F-4217-8425-46C03584E673\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx\\\\/sdx_14030_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCB11BC1-0702-436F-BFE2-14B38B118D99\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx\\\\/sdx_14060_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8569B182-D0A7-414B-B0A3-4DD2FAB44F69\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx\\\\/sdx_14080_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABB9B3E9-EED4-4D74-BE4C-DFAFAB1F0994\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_15030-50g_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F60729DF-EDC8-4462-ABD2-6E4199F22701\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_15040-50g_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B789F02A-56CB-4871-9D9D-FAB0F31A72A1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_15060-50g_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06699186-E7E4-463C-8844-77B2A750B985\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_15080-50g_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F00DBEBF-29BE-4D6A-BF79-19208AAB0D7F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_15100-50g_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"848169A6-CAD7-4E14-BC5D-B2E94DC93CCB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_15120-50g_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C69709C-885A-4F19-899D-A7B5CE7066EF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_8905_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B2136C1-8AB6-4C70-87F4-1F8A93A876C9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_8910_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"492323D2-339D-404C-BB9B-E09ABB87FA2B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:mpx_8920_fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB83185D-DD6F-47CD-B500-499F9EF65093\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.2\",\"versionEndExcluding\":\"10.2.9a\",\"matchCriteriaId\":\"E2E30C0C-32F2-4257-B946-600E3123A0D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1\",\"versionEndExcluding\":\"11.1.2c\",\"matchCriteriaId\":\"469E2490-71B8-48FB-A032-08922C75339A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2\",\"versionEndExcluding\":\"11.2.3a\",\"matchCriteriaId\":\"56A52140-F4AE-4616-91E7-FF941EA26343\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.3\",\"versionEndExcluding\":\"11.3.2\",\"matchCriteriaId\":\"974341A5-6B06-4975-9406-CF41AB0E92F6\"}]}]}],\"references\":[{\"url\":\"https://support.citrix.com/article/CTX297155\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.citrix.com/article/CTX297155\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.