CVE-2020-8245: XSS
First published: Fri Sep 18 2020(Updated: )
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix Application Delivery Controller Firmware | >=11.1<11.1-65.12 | |
| Citrix Application Delivery Controller Firmware | >=12.1<12.1-58.15 | |
| Citrix Application Delivery Controller Firmware | >=13.0<13.0-64.35 | |
| Citrix Application Delivery Controller | ||
| Citrix Gateway | >=11.1<11.1-65.12 | |
| Citrix Gateway | >=13.0<13.0-64.35 | |
| Citrix NetScaler Gateway | >=12.1<12.1-58.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-8245?
CVE-2020-8245 is a vulnerability that affects Citrix ADC and Citrix Gateway, allowing improper input validation and potentially leading to code injection or privilege escalation.
How does CVE-2020-8245 impact Citrix ADC and Citrix Gateway?
CVE-2020-8245 allows attackers to exploit improper input validation in Citrix ADC and Citrix Gateway firmware versions 11.1-65.12 and earlier, 12.1-58.15 and earlier, and 13.0-64.35 and earlier, potentially leading to code injection or privilege escalation.
What is the severity of CVE-2020-8245?
CVE-2020-8245 has a severity rating of 6.1, which is considered medium.
How can I fix CVE-2020-8245?
To fix CVE-2020-8245, it is recommended to update to Citrix ADC and Citrix Gateway firmware versions 11.1-65.13, 12.1-58.16, or 13.0-64.36, or apply the appropriate patches provided by Citrix.
Where can I find more information about CVE-2020-8245?
You can find more information about CVE-2020-8245 on the official Citrix support website: https://support.citrix.com/article/CTX281474
- collector/nvd-index
- vendor/citrix
- canonical/citrix application delivery controller firmware
- version/citrix application delivery controller firmware/11.1
- version/citrix application delivery controller firmware/12.1
- version/citrix application delivery controller firmware/13.0
- canonical/citrix application delivery controller
- canonical/citrix gateway
- version/citrix gateway/11.1
- version/citrix gateway/13.0
- canonical/citrix netscaler gateway
- version/citrix netscaler gateway/12.1