CVE-2020-8193

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 28, 2020
Published Date: July 10, 2020
Last Updated: February 07, 2025
Vendor: n/a
Product: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
Description: Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.

CVSS Scores

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (added 2021-11-03 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2020-07-15 14:43:03 UTC) Source

References

https://support.citrix.com/article/CTX276688 http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-8193.yaml	2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

ctlyz123/CVE-2020-8193

Type: github • Created: 2020-07-15 14:43:03 UTC • Stars: 2

PR3R00T/CVE-2020-8193-Citrix-Scanner

Type: github • Created: 2020-07-13 10:36:43 UTC • Stars: 8

Scanning for CVE-2020-8193 - Auth Bypass check

Airboi/Citrix-ADC-RCE-CVE-2020-8193

Type: github • Created: 2020-07-12 13:05:40 UTC • Stars: 45

Citrix ADC从权限绕过到RCE

jas502n/CVE-2020-8193

Type: github • Created: 2020-07-10 20:00:17 UTC • Stars: 87

Citrix ADC Vulns