PT-2020-6444 · Citrix · Citrix Gateway+2
Published: 2020-07-07 · Updated: 2022-09-20 · CVE-2020-8196
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Citrix ADC versions prior to 13.0-58.30
Citrix ADC versions prior to 12.1-57.18
Citrix ADC versions prior to 12.0-63.21
Citrix ADC versions prior to 11.1-64.14
Citrix ADC versions prior to 10.5-70.18
Citrix Gateway versions prior to 13.0-58.30
Citrix Gateway versions prior to 12.1-57.18
Citrix Gateway versions prior to 12.0-63.21
Citrix Gateway versions prior to 11.1-64.14
Citrix Gateway versions prior to 10.5-70.18
Citrix SDWAN WAN-OP versions prior to 11.1.1a
Citrix SDWAN WAN-OP versions prior to 11.0.3d
Citrix SDWAN WAN-OP versions prior to 10.2.7
Description
Improper access control in Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP results in limited information disclosure to low-privileged users. The cause is deficiencies in the authentication procedure, which a remote attacker can exploit to gain unauthorized access to protected information.
Recommendations
For Citrix ADC versions prior to 13.0-58.30, update to version 13.0-58.30 or later.
For Citrix ADC versions prior to 12.1-57.18, update to version 12.1-57.18 or later.
For Citrix ADC versions prior to 12.0-63.21, update to version 12.0-63.21 or later.
For Citrix ADC versions prior to 11.1-64.14, update to version 11.1-64.14 or later.
For Citrix ADC versions prior to 10.5-70.18, update to version 10.5-70.18 or later.
For Citrix Gateway versions prior to 13.0-58.30, update to version 13.0-58.30 or later.
For Citrix Gateway versions prior to 12.1-57.18, update to version 12.1-57.18 or later.
For Citrix Gateway versions prior to 12.0-63.21, update to version 12.0-63.21 or later.
For Citrix Gateway versions prior to 11.1-64.14, update to version 11.1-64.14 or later.
For Citrix Gateway versions prior to 10.5-70.18, update to version 10.5-70.18 or later.
For Citrix SDWAN WAN-OP versions prior to 11.1.1a, update to version 11.1.1a or later.
For Citrix SDWAN WAN-OP versions prior to 11.0.3d, update to version 11.0.3d or later.
For Citrix SDWAN WAN-OP versions prior to 10.2.7, update to version 10.2.7 or later.
Fix
Improper Authentication
Improper Access Control
Missing Authorization
Affected Products
Citrix ADC
Citrix Gateway
Citrix SD-WAN WANOP