CVE-2020-8247
First published: Fri Sep 18 2020(Updated: )
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix Application Delivery Controller Firmware | >=11.1<11.1-65.12 | |
| Citrix Application Delivery Controller Firmware | >=12.1<12.1-58.15 | |
| Citrix Application Delivery Controller Firmware | >=13.0<13.0-64.35 | |
| Citrix Application Delivery Controller | ||
| Citrix Gateway | >=11.1<11.1-65.12 | |
| Citrix Gateway | >=13.0<13.0-64.35 | |
| Citrix NetScaler Gateway | >=12.1<12.1-58.15 | |
| Citrix SD-WAN WANOP | >=10.2<10.2.7b | |
| Citrix SD-WAN WANOP | >=11.0<11.0.3f | |
| Citrix SD-WAN WANOP | >=11.1<11.1.2a | |
| Citrix SD-WAN WANOP | >=11.2<11.2.1a | |
| Citrix SD-WAN WANOP |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Citrix ADC and Citrix Gateway vulnerability?
The vulnerability ID for this Citrix ADC and Citrix Gateway vulnerability is CVE-2020-8247.
What is the severity of CVE-2020-8247?
CVE-2020-8247 has a severity rating of 8.8 (High).
Which software versions are affected by CVE-2020-8247?
CVE-2020-8247 affects Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, and Citrix SD-WAN WANOP 11.0.3f.
How can I fix the CVE-2020-8247 vulnerability?
To fix the CVE-2020-8247 vulnerability, it is recommended to upgrade to the patched Citrix ADC and Citrix Gateway versions: 13.0-64.35, 12.1-58.15, 12.1-55.187, or apply the necessary security updates provided by Citrix.
Where can I find more information about CVE-2020-8247?
You can find more information about CVE-2020-8247 on the Citrix support website: https://support.citrix.com/article/CTX281474
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/tags
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/citrix
- canonical/citrix application delivery controller firmware
- version/citrix application delivery controller firmware/11.1
- version/citrix application delivery controller firmware/12.1
- version/citrix application delivery controller firmware/13.0
- canonical/citrix application delivery controller
- canonical/citrix gateway
- version/citrix gateway/11.1
- version/citrix gateway/13.0
- canonical/citrix netscaler gateway
- version/citrix netscaler gateway/12.1
- canonical/citrix sd-wan wanop
- version/citrix sd-wan wanop/10.2
- version/citrix sd-wan wanop/11.0
- version/citrix sd-wan wanop/11.1
- version/citrix sd-wan wanop/11.2