Back to KEVs

CVE-2020-8195

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 28, 2020
Published Date: July 10, 2020
Last Updated: February 07, 2025
Vendor: n/a
Product: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
Description: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
Tags

CVSS Scores

CVSS v3.1

6.5 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2.0

4.0

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

SSVC Information

Exploitation: active
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2021-11-03 00:00:00 UTC) Source

References

https://support.citrix.com/article/CTX276688 http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC

Timeline

CVE ID Reserved

January 28, 2020
CVE Published to Public

July 10, 2020
Added to KEVIntel

November 03, 2021