CVE-2020-8193
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- January 28, 2020
- Published Date
- July 10, 2020
- Last Updated
- October 21, 2025
- Vendor
- Citrix
- Product
- Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
- Description
- Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
- Tags
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- partial
- Exploited in the Wild
- Yes (2021-11-03 00:00:00 UTC) Source
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS v2.0
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
SSVC Information
Exploit Status
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2021-11-03 00:00:00 UTC |
| CISA | 2021-11-03 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-8193.yaml | 2025-04-25 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
ctlyz123/CVE-2020-8193
Type: github • Created: 2020-07-15 14:43:03 UTC • Stars: 2
PR3R00T/CVE-2020-8193-Citrix-Scanner
Type: github • Created: 2020-07-13 10:36:43 UTC • Stars: 8
Airboi/Citrix-ADC-RCE-CVE-2020-8193
Type: github • Created: 2020-07-12 13:05:40 UTC • Stars: 45
jas502n/CVE-2020-8193
Type: github • Created: 2020-07-10 20:00:17 UTC • Stars: 87
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Added to KEVIntel
-
Detected by Nuclei