First published: Fri Jul 10 2020
Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Citrix Application Delivery Controller Firmware | >=10.5 <10.5-70.18 | |
Citrix Application Delivery Controller Firmware | >=11.1 <11.1-64.14 | |
Citrix Application Delivery Controller Firmware | >=12.0 <12.0-63.21 | |
Citrix Application Delivery Controller Firmware | >=12.1 <12.1-57.18 | |
Citrix Application Delivery Controller Firmware | >=13.0 <13.0-58.30 | |
Citrix Application Delivery Controller | | |
Citrix Netscaler Gateway Firmware | >=10.5 <10.5-70.18 | |
Citrix Netscaler Gateway Firmware | >=11.1 <11.1-64.14 | |
Citrix Netscaler Gateway Firmware | >=12.0 <12.0-63.21 | |
Citrix Netscaler Gateway Firmware | >=12.1 <12.1-57.18 | |
Citrix NetScaler Gateway | | |
Citrix Gateway Firmware | >=13.0 <13.0-58.30 | |
Citrix Gateway | | |
CVE-2020-8197 is a privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18 that allows a low privileged user with management access to execute arbitrary commands.
Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18 are affected by CVE-2020-8197.
CVE-2020-8197 has a severity rating of 8.8 (high).
To fix CVE-2020-8197, update Citrix ADC and Citrix Gateway to versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, or 10.5-70.18, which are not affected by the vulnerability.
More information about CVE-2020-8197 can be found in the Citrix article at https://support.citrix.com/article/CTX276688.
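
To check an appliance inventory against the fixed builds listed above, the following triage script is an added example; it is not from Citrix or from this page's source. The `NS13.0: Build 58.30.nc` banner form it accepts is an assumption about how your inventory reports versions, and the sample hosts and version strings are constructed.

```python
import re

# Fixed builds per release branch, taken from the affected-version table above.
FIXED = {
    (10, 5): (70, 18),
    (11, 1): (64, 14),
    (12, 0): (63, 21),
    (12, 1): (57, 18),
    (13, 0): (58, 30),
}

# Accepts "13.0-58.30" and the banner form "NS13.0: Build 58.30.nc"
# (the banner form is an assumption about the inventory export).
_VERSION = re.compile(r"(\d+)\.(\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)")


def classify(version_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one string."""
    m = _VERSION.search(version_text)
    if m is None:
        return "unparsed"
    major, minor, build, patch = (int(g) for g in m.groups())
    fixed = FIXED.get((major, minor))
    if fixed is None:
        # Branch is not in the table; consult the vendor article instead.
        return "not-listed"
    # Compare numerically: as strings, "58.4" would sort above "58.30".
    return "affected" if (build, patch) < fixed else "fixed"


def triage(inventory):
    """Map host -> classification for an iterable of (host, version_text)."""
    return {host: classify(text) for host, text in inventory}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("adc-01", "NetScaler NS13.0: Build 58.30.nc"),
    ("adc-02", "NS12.1: Build 55.18.nc"),
    ("gw-01", "13.0-58.4"),
    ("gw-02", "11.1-64.14"),
    ("gw-03", "13.1-4.43"),
    ("lab-01", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `not-listed` or `unparsed` need a manual check against the Citrix article rather than being assumed safe.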