CVE-2020-8299
First published: Wed Jun 16 2021(Updated: )
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix Gateway | >=12.1<12.1-61.18 | |
| Citrix Gateway | >=13.0<13.0-76.29 | |
| Citrix NetScaler Gateway | >=11.1<11.1-65.20 | |
| Citrix Application Delivery Controller Firmware | >=11.1<11.1-65.20 | |
| Citrix Application Delivery Controller Firmware | >=12.1<12.1-61.18 | |
| Citrix Application Delivery Controller Firmware | >=13.0<13.0-76.29 | |
| Citrix Application Delivery Controller | ||
| Citrix Application Delivery Controller Firmware | >=12.1<12.1-55.238 | |
| Citrix Mpx\/sdx 14030 Fips | ||
| Citrix Mpx\/sdx 14060 Fips | ||
| Citrix Mpx\/sdx 14080 Fips | ||
| Citrix Mpx 15030-50g Fips | ||
| Citrix Mpx 15040-50g Fips | ||
| Citrix Mpx 15060-50g Fips | ||
| Citrix Mpx 15080-50g Fips | ||
| Citrix Mpx 15100-50g Fips | ||
| Citrix Mpx 15120-50g Fips | ||
| Citrix Mpx 8905 Fips | ||
| Citrix Mpx 8910 Fips | ||
| Citrix Mpx 8920 Fips | ||
| Citrix SD-WAN WANOP | >=10.2<10.2.9a | |
| Citrix SD-WAN WANOP | >=11.1<11.1.2c | |
| Citrix SD-WAN WANOP | >=11.2<11.2.3a | |
| Citrix SD-WAN WANOP | >=11.3<11.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-8299?
CVE-2020-8299 is a vulnerability in Citrix ADC and Citrix/NetScaler Gateway that allows for uncontrolled resource consumption by way of a network-based denial-of-service attack.
Which versions of Citrix ADC and Citrix/NetScaler Gateway are affected by CVE-2020-8299?
Citrix ADC and Citrix/NetScaler Gateway versions 13.0 before 13.0-76.29, 12.1 before 12.1-61.18, and 11.1 before 11.1-65.20 are affected by CVE-2020-8299.
How severe is CVE-2020-8299?
CVE-2020-8299 has a severity rating of 6.5, which is considered medium.
How can I fix CVE-2020-8299?
To fix CVE-2020-8299, update your Citrix ADC or Citrix/NetScaler Gateway software to versions 13.0-76.29, 12.1-61.18, or 11.1-65.20.
Where can I find more information about CVE-2020-8299?
You can find more information about CVE-2020-8299 in the Citrix support article: https://support.citrix.com/article/CTX297155
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- vendor/citrix
- canonical/citrix gateway
- version/citrix gateway/12.1
- version/citrix gateway/13.0
- canonical/citrix netscaler gateway
- version/citrix netscaler gateway/11.1
- canonical/citrix application delivery controller firmware
- version/citrix application delivery controller firmware/11.1
- version/citrix application delivery controller firmware/12.1
- version/citrix application delivery controller firmware/13.0
- canonical/citrix application delivery controller
- canonical/citrix mpx\/sdx 14030 fips
- canonical/citrix mpx\/sdx 14060 fips
- canonical/citrix mpx\/sdx 14080 fips
- canonical/citrix mpx 15030-50g fips
- canonical/citrix mpx 15040-50g fips
- canonical/citrix mpx 15060-50g fips
- canonical/citrix mpx 15080-50g fips
- canonical/citrix mpx 15100-50g fips
- canonical/citrix mpx 15120-50g fips
- canonical/citrix mpx 8905 fips
- canonical/citrix mpx 8910 fips
- canonical/citrix mpx 8920 fips
- canonical/citrix sd-wan wanop
- version/citrix sd-wan wanop/10.2
- version/citrix sd-wan wanop/11.1
- version/citrix sd-wan wanop/11.2
- version/citrix sd-wan wanop/11.3