What is CVE-2020-8196?

CVE-2020-8196 is an information disclosure vulnerability in Citrix ADC Gateway and SD-WAN WANOP Appliance.

What is the severity of CVE-2020-8196?

The severity of CVE-2020-8196 is medium with a CVSS score of 4.3.

What is affected by CVE-2020-8196?

Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18, as well as Citrix SD-WAN WAN-OP versions before 11.1.1a, 11.0.3d, and 10.2.7 are affected by CVE-2020-8196.

How can I fix CVE-2020-8196?

Upgrade Citrix ADC and Citrix Gateway to versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, or 10.5-70.18, and upgrade Citrix SD-WAN WAN-OP to versions 11.1.1a, 11.0.3d, or 10.2.7 to fix CVE-2020-8196.

Where can I find more information about CVE-2020-8196?

You can find more information about CVE-2020-8196 on the following references: [Packet Storm Security](http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html) and [Citrix Support Article CTX276688](https://support.citrix.com/article/CTX276688).

Vulnerability/
CVE-2020-8196

Exploited

medium

4.3

CWE

287 284

10/7/2020

21/11/2024

CVE-2020-8196: Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability

First published: Fri Jul 10 2020(Updated: )

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

Credit: support@hackerone.com support@hackerone.com

Affected Software	Affected Version	How to fix
Citrix Application Delivery Controller Firmware	>=10.5<10.5-70.18
Citrix Application Delivery Controller Firmware	>=11.1<11.1-64.14
Citrix Application Delivery Controller Firmware	>=12.0<12.0-63.21
Citrix Application Delivery Controller Firmware	>=12.1<12.1-57.18
Citrix Application Delivery Controller Firmware	>=13.0<13.0-58.30
Citrix Application Delivery Controller
Citrix Netscaler Gateway Firmware	>=10.5<10.5-70.18
Citrix Netscaler Gateway Firmware	>=11.1<11.1-64.14
Citrix Netscaler Gateway Firmware	>=12.0<12.0-63.21
Citrix Netscaler Gateway Firmware	>=12.1<12.1-57.18
Citrix NetScaler Gateway
Citrix Gateway Firmware	>=13.0<13.0-58.30
Citrix Gateway
Citrix SD-WAN WANOP	>=10.2<10.2.7
Citrix SD-WAN WANOP	>=11.0<11.0.3d
Citrix SD-WAN WANOP	>=11.1<11.1.1a
Citrix 4000-wo
Citrix 4100-wo
Citrix 5000-wo
Citrix 5100-wo
Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
All of
Any of
Citrix Application Delivery Controller Firmware	>=10.5<10.5-70.18
Citrix Application Delivery Controller Firmware	>=11.1<11.1-64.14
Citrix Application Delivery Controller Firmware	>=12.0<12.0-63.21
Citrix Application Delivery Controller Firmware	>=12.1<12.1-57.18
Citrix Application Delivery Controller Firmware	>=13.0<13.0-58.30
Citrix Application Delivery Controller
All of
Any of
Citrix Netscaler Gateway Firmware	>=10.5<10.5-70.18
Citrix Netscaler Gateway Firmware	>=11.1<11.1-64.14
Citrix Netscaler Gateway Firmware	>=12.0<12.0-63.21
Citrix Netscaler Gateway Firmware	>=12.1<12.1-57.18
Citrix NetScaler Gateway
All of
Citrix Gateway Firmware	>=13.0<13.0-58.30
Citrix Gateway
All of
Any of
Citrix SD-WAN WANOP	>=10.2<10.2.7
Citrix SD-WAN WANOP	>=11.0<11.0.3d
Citrix SD-WAN WANOP	>=11.1<11.1.1a
Any of
Citrix 4000-wo
Citrix 4100-wo
Citrix 5000-wo
Citrix 5100-wo

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-8196?
CVE-2020-8196 is an information disclosure vulnerability in Citrix ADC Gateway and SD-WAN WANOP Appliance.
What is the severity of CVE-2020-8196?
The severity of CVE-2020-8196 is medium with a CVSS score of 4.3.
What is affected by CVE-2020-8196?
Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18, as well as Citrix SD-WAN WAN-OP versions before 11.1.1a, 11.0.3d, and 10.2.7 are affected by CVE-2020-8196.
How can I fix CVE-2020-8196?
Upgrade Citrix ADC and Citrix Gateway to versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, or 10.5-70.18, and upgrade Citrix SD-WAN WAN-OP to versions 11.1.1a, 11.0.3d, or 10.2.7 to fix CVE-2020-8196.
Where can I find more information about CVE-2020-8196?
You can find more information about CVE-2020-8196 on the following references: [Packet Storm Security](http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html) and [Citrix Support Article CTX276688](https://support.citrix.com/article/CTX276688).

collector/nvd-index
agent/weakness
agent/type
agent/description
agent/softwarecombine
agent/title
agent/severity
agent/author
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
exploited/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup
agent/references
agent/tags
collector/nvd-cve
source/NVD
vendor/citrix
canonical/citrix application delivery controller firmware
version/citrix application delivery controller firmware/10.5
version/citrix application delivery controller firmware/11.1
version/citrix application delivery controller firmware/12.0
version/citrix application delivery controller firmware/12.1
version/citrix application delivery controller firmware/13.0
canonical/citrix application delivery controller
canonical/citrix netscaler gateway firmware
version/citrix netscaler gateway firmware/10.5
version/citrix netscaler gateway firmware/11.1
version/citrix netscaler gateway firmware/12.0
version/citrix netscaler gateway firmware/12.1
canonical/citrix netscaler gateway
canonical/citrix gateway firmware
version/citrix gateway firmware/13.0
canonical/citrix gateway
canonical/citrix sd-wan wanop
version/citrix sd-wan wanop/10.2
version/citrix sd-wan wanop/11.0
version/citrix sd-wan wanop/11.1
canonical/citrix 4000-wo
canonical/citrix 4100-wo
canonical/citrix 5000-wo
canonical/citrix 5100-wo
canonical/citrix application delivery controller (adc), gateway, and sd-wan wanop appliance