PT-2020-20017 · Citrix · Citrix Gateway+2

Published

2020-07-09

·

Updated

2020-07-13

·

CVE-2020-8194

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Citrix ADC and Citrix Gateway versions prior to 13.0-58.30 Citrix ADC and Citrix Gateway versions prior to 12.1-57.18 Citrix ADC and Citrix Gateway versions prior to 12.0-63.21 Citrix ADC and Citrix Gateway versions prior to 11.1-64.14 Citrix ADC and Citrix Gateway versions prior to 10.5-70.18 Citrix SDWAN WAN-OP versions prior to 11.1.1a Citrix SDWAN WAN-OP versions prior to 11.0.3d Citrix SDWAN WAN-OP versions prior to 10.2.7
Description The issue allows for reflected code injection, enabling the modification of a file download. There have been active exploit attempts targeting this vulnerability.
Recommendations For Citrix ADC and Citrix Gateway versions prior to 13.0-58.30, update to version 13.0-58.30 or later. For Citrix ADC and Citrix Gateway versions prior to 12.1-57.18, update to version 12.1-57.18 or later. For Citrix ADC and Citrix Gateway versions prior to 12.0-63.21, update to version 12.0-63.21 or later. For Citrix ADC and Citrix Gateway versions prior to 11.1-64.14, update to version 11.1-64.14 or later. For Citrix ADC and Citrix Gateway versions prior to 10.5-70.18, update to version 10.5-70.18 or later. For Citrix SDWAN WAN-OP versions prior to 11.1.1a, update to version 11.1.1a or later. For Citrix SDWAN WAN-OP versions prior to 11.0.3d, update to version 11.0.3d or later. For Citrix SDWAN WAN-OP versions prior to 10.2.7, update to version 10.2.7 or later.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2020-8194

Affected Products

Citrix Adc
Citrix Gateway
Citrix Sd-Wan Wanop