FKIE_CVE-2020-8300

Vulnerability from fkie_nvd - Published: 2021-06-16 14:15 - Updated: 2024-11-21 05:38
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
References
support@hackerone.comhttps://support.citrix.com/article/CTX297155Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.citrix.com/article/CTX297155Vendor Advisory
Impacted products
Vendor Product Version
citrix gateway *
citrix gateway *
citrix netscaler_gateway *
citrix application_delivery_controller_firmware *
citrix application_delivery_controller_firmware *
citrix application_delivery_controller_firmware *
citrix application_delivery_controller -
citrix application_delivery_controller_firmware *
citrix mpx\/sdx_14030_fips -
citrix mpx\/sdx_14060_fips -
citrix mpx\/sdx_14080_fips -
citrix mpx_15030-50g_fips -
citrix mpx_15040-50g_fips -
citrix mpx_15060-50g_fips -
citrix mpx_15080-50g_fips -
citrix mpx_15100-50g_fips -
citrix mpx_15120-50g_fips -
citrix mpx_8905_fips -
citrix mpx_8910_fips -
citrix mpx_8920_fips -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "003574BC-2C37-44D6-9F5E-E931F5ECE169",
              "versionEndExcluding": "12.1-62.23",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE6C6C5-2C85-484E-A61A-C17096C4D9F7",
              "versionEndExcluding": "13.0-82.41",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D77B2AD2-BAF1-4FD3-B7C5-88AC1B130971",
              "versionEndExcluding": "11.1-65.20",
              "versionStartIncluding": "11.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E178AA28-B24F-4565-A314-1E58AAC54648",
              "versionEndExcluding": "11.1-65.20",
              "versionStartIncluding": "11.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "024F407E-F369-4B9C-BC3C-5CB0FF613526",
              "versionEndExcluding": "12.1-62.23",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5675439-B8C6-4ABD-8D53-F2D9BB49F33D",
              "versionEndExcluding": "13.0-82.41",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BEBCAD2-581F-4217-8425-46C03584E673",
              "versionEndExcluding": "12.1-55.238",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:citrix:mpx\\/sdx_14030_fips:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCB11BC1-0702-436F-BFE2-14B38B118D99",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:citrix:mpx\\/sdx_14060_fips:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8569B182-D0A7-414B-B0A3-4DD2FAB44F69",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:citrix:mpx\\/sdx_14080_fips:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB9B3E9-EED4-4D74-BE4C-DFAFAB1F0994",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:citrix:mpx_15030-50g_fips:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F60729DF-EDC8-4462-ABD2-6E4199F22701",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:citrix:mpx_15040-50g_fips:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B789F02A-56CB-4871-9D9D-FAB0F31A72A1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:citrix:mpx_15060-50g_fips:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699186-E7E4-463C-8844-77B2A750B985",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:citrix:mpx_15080-50g_fips:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F00DBEBF-29BE-4D6A-BF79-19208AAB0D7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:citrix:mpx_15100-50g_fips:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "848169A6-CAD7-4E14-BC5D-B2E94DC93CCB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:citrix:mpx_15120-50g_fips:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C69709C-885A-4F19-899D-A7B5CE7066EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:citrix:mpx_8905_fips:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B2136C1-8AB6-4C70-87F4-1F8A93A876C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:citrix:mpx_8910_fips:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "492323D2-339D-404C-BB9B-E09ABB87FA2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:citrix:mpx_8920_fips:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB83185D-DD6F-47CD-B500-499F9EF65093",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible."
    },
    {
      "lang": "es",
      "value": "Citrix ADC y Citrix/NetScaler Gateway versiones anteriores a 13.0-82.41, 12.1-62.23, 11.1-65.20 y Citrix ADC 12.1-FIPS versiones anteriores a 12.1-55.238, sufren de un control de acceso inapropiado que permite el secuestro de la autenticaci\u00f3n SAML mediante un ataque de phishing para robar una sesi\u00f3n de usuario v\u00e1lida. Tome en cuenta que Citrix ADC o Citrix Gateway deben estar configurados como un SP SAML o un IdP SAML para que esto sea posible"
    }
  ],
  "id": "CVE-2020-8300",
  "lastModified": "2024-11-21T05:38:41.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-16T14:15:08.440",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX297155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX297155"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.