Vulnerability Details : CVE-2020-8247
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.
Products affected by CVE-2020-8247
- Citrix » Application Delivery Controller FirmwareVersions from including (>=) 12.1 and before (<) 12.1-58.15cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*
- Citrix » Application Delivery Controller FirmwareVersions from including (>=) 11.1 and before (<) 11.1-65.12cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*
- Citrix » Application Delivery Controller FirmwareVersions from including (>=) 13.0 and before (<) 13.0-64.35cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-8247
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 42 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8247
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2020-8247
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by:
- nvd@nist.gov (Primary)
- support@hackerone.com (Secondary)
References for CVE-2020-8247
-
https://support.citrix.com/article/CTX281474
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security UpdateVendor Advisory
Jump to