CVE-2020-8196
In short
Citrix ADC, Gateway, and SD-WAN products had weak access controls that allowed low-privileged users to see information they shouldn't have access to. This could leak sensitive data to attackers with basic account access.
Technical detail
Improper access control (CWE-284) in Citrix ADC, Gateway, and SD-WAN WAN-OP allows authenticated low-privileged users to disclose limited sensitive information through insufficient authorization checks. The vulnerability affects multiple product versions and requires valid credentials to exploit, resulting in confidentiality impact without affecting integrity or availability.
Summary generated and translated by AI from the official description.
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
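The fixed-build thresholds in the description above can be turned into an inventory check. This is an added example, not code from Citrix or from this page; the function name, the sample inventory, and the grouping of WAN-OP releases by major.minor branch (with a letter suffix sorting after no suffix) are assumptions.

```python
import re

# Fixed builds per release branch, taken from the advisory text above.
ADC_FIXED = {(13, 0): (58, 30), (12, 1): (57, 18), (12, 0): (63, 21),
             (11, 1): (64, 14), (10, 5): (70, 18)}
# WAN-OP: (patch, letter suffix); grouping by major.minor is an assumption.
WANOP_FIXED = {(11, 1): (1, "a"), (11, 0): (3, "d"), (10, 2): (7, "")}

ADC_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")
WANOP_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)$")


def check_build(product, build):
    """Return 'affected', 'fixed', or 'unknown' for a build string.

    product: 'adc' (the advisory lists the same builds for ADC and Gateway)
    or 'wanop'. 'unknown' means the branch is not listed in the advisory or
    the string did not parse; treat it as needing manual review, not as safe.
    """
    build = build.strip()
    if product == "adc":
        m = ADC_RE.match(build)
        if not m:
            return "unknown"
        major, minor, b1, b2 = map(int, m.groups())
        branch, found, table = (major, minor), (b1, b2), ADC_FIXED
    elif product == "wanop":
        m = WANOP_RE.match(build)
        if not m:
            return "unknown"
        branch = (int(m.group(1)), int(m.group(2)))
        found = (int(m.group(3)), m.group(4))
        table = WANOP_FIXED
    else:
        raise ValueError("product must be 'adc' or 'wanop'")
    fixed = table.get(branch)
    if fixed is None:
        return "unknown"
    # Tuple comparison: a build strictly below the fixed one is affected.
    return "affected" if found < fixed else "fixed"


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    for host, product, build in [("gw-01", "adc", "13.0-47.24"),
                                 ("gw-02", "adc", "12.1-57.18"),
                                 ("opt-01", "wanop", "11.0.3c")]:
        print(host, build, check_build(product, build))
```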
Affected products
n/a · Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
Public PoCs found — 1
cve_reference: packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.