PT-2020-20056 · Citrix · Citrix Gateway+3

Published: 2020-09-18 · Updated: 2020-10-07 · CVE-2020-8247

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Citrix ADC and Citrix Gateway versions 13.0 through 13.0-64.34
Citrix ADC and NetScaler Gateway versions 12.1 through 12.1-58.14
Citrix ADC 12.1-FIPS versions 12.1 through 12.1-55.186
Citrix ADC and NetScaler Gateway version 12.0
Citrix ADC and NetScaler Gateway versions 11.1 through 11.1-65.11
Citrix SD-WAN WANOP versions 11.2 through 11.2.0
Citrix SD-WAN WANOP versions 11.1 through 11.1.1
Citrix SD-WAN WANOP versions 11.0 through 11.0.2
Citrix SD-WAN WANOP versions 10.2 through 10.2.6

Description

The issue allows escalation of privileges on the management interface.

Recommendations

For Citrix ADC and Citrix Gateway version 13.0, update to version 13.0-64.35 or later.
For Citrix ADC and NetScaler Gateway version 12.1, update to version 12.1-58.15 or later.
For Citrix ADC 12.1-FIPS, update to version 12.1-55.187 or later.
For Citrix ADC and NetScaler Gateway version 12.0, update to a version that is not vulnerable.
For Citrix ADC and NetScaler Gateway version 11.1, update to version 11.1-65.12 or later.
For Citrix SD-WAN WANOP version 11.2, update to version 11.2.1a or later.
For Citrix SD-WAN WANOP version 11.1, update to version 11.1.2a or later.
For Citrix SD-WAN WANOP version 11.0, update to version 11.0.3f or later.
For Citrix SD-WAN WANOP version 10.2, update to version 10.2.7b or later.

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2020-8247

Affected Products

Citrix ADC
Citrix Gateway
Citrix SD-WAN WANOP
NetScaler Gateway