CVE-2020-8193

Description from NVD

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.

Information Acquisition Date: 2021-04-27T10:47Z
CVSS 2.0: 5.0 MEDIUM CVSS 3.x: 6.5 MEDIUM

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

NVD References

 https://support.citrix.com/article/CTX276688
     source:MISC
     tags:Vendor Advisory    
 http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html
     source:MISC
     tags:

Description from Forti

Citrix ADC Gateway SDWAN WAN-OP report Authentication Bypass

This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in Citrix ADC, Gateway, and SDWAN WAN-OP. This vulnerability is due to improper authentication on certain HTTP endpoints in the vulnerable application. Successful exploitation could lead to the elevation of privileges for unauthenticated users.

Information Acquisition Date: 2020/08/01

Affected Products

Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18
Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7

Impact

Privilege Escalation: Remote attackers can leverage their privileges on vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://support.citrix.com/article/CTX276688

References

Refer to Information on External Sites

CVE Information    Exploits or more Information
mitre              EXPLOIT DATABASE
NVD                0day.today
vulmon.com         github
CVE Details        Twitter
JVN ENG JPN
Reconshell

List of frequently cited URLs

URL    Num of Times Referred to
https://lists.astaro.com/ASGV9-IPS-rules.html    16
http://canyoupwn.me    6
https://github.com/jas502n/CVE-2020-8193    4
https://twitter.com/marcwrogers/status/1280938192133185536    4
http://tweetedtimes.com/Pentest101MX?s=tnp    4
https://support.citrix.com/article/CTX276688    4
https://dmaasland.github.io/posts/citrix.html    4
http://bit.ly/    3
https://www.tenable.com/blog/cve-2020-8193-cve-2020-8195-an...    3
http://newsbythehour.org/cybr    3
https://www.checkpoint.com/defense/advisories/public/2020/c...    3
https://www.proofpoint.com/us/daily-ruleset-update-summary-...    3
https://research.nccgroup.com/2020/07/10/rift-citrix-adc-vu...    3
https://ipssignatures.appspot.com/?cve=CVE-2020-8193    3

Information from Twitter

User URL Info Source Date
MarcelBilal https://github.com/ipcis/Citrix_ADC_Gateway_Check Source MarcelBilal      1609225688229318661 2023/01/01
MarcelBilal https://twitter.com/MarcelBilal/status/1609225688229318661/... Source MarcelBilal      1609225688229318661 2023/01/01

GitHub Search Results: Up to 10
Name URL
jas502n/CVE-2020-8193 https://github.com/jas502n/CVE-2020-8193
Airboi/Citrix-ADC-RCE-CVE-2020-8193 https://github.com/Airboi/Citrix-ADC-RCE-CVE-2020-8193
PR3R00T/CVE-2020-8193-Citrix-Scanner https://github.com/PR3R00T/CVE-2020-8193-Citrix-Scanner
Zeop-CyberSec/citrix_adc_netscaler_lfi https://github.com/Zeop-CyberSec/citrix_adc_netscaler_lfi
ctlyz123/CVE-2020-8193 https://github.com/ctlyz123/CVE-2020-8193

2023/01/01 Score : 1
Added Har-sia Database : 2020/07/08
Last Modified : 2023/01/01
Highest Scored Date : 2020/07/11
Highest Score : 39