CVE-2020-8300
First published: Wed Jun 16 2021(Updated: )
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix Gateway | >=12.1<12.1-62.23 | |
| Citrix Gateway | >=13.0<13.0-82.41 | |
| Citrix NetScaler Gateway | >=11.1<11.1-65.20 | |
| Citrix Application Delivery Controller Firmware | >=11.1<11.1-65.20 | |
| Citrix Application Delivery Controller Firmware | >=12.1<12.1-62.23 | |
| Citrix Application Delivery Controller Firmware | >=13.0<13.0-82.41 | |
| Citrix Application Delivery Controller | ||
| Citrix Application Delivery Controller Firmware | >=12.1<12.1-55.238 | |
| Citrix Mpx\/sdx 14030 Fips | ||
| Citrix Mpx\/sdx 14060 Fips | ||
| Citrix Mpx\/sdx 14080 Fips | ||
| Citrix Mpx 15030-50g Fips | ||
| Citrix Mpx 15040-50g Fips | ||
| Citrix Mpx 15060-50g Fips | ||
| Citrix Mpx 15080-50g Fips | ||
| Citrix Mpx 15100-50g Fips | ||
| Citrix Mpx 15120-50g Fips | ||
| Citrix Mpx 8905 Fips | ||
| Citrix Mpx 8910 Fips | ||
| Citrix Mpx 8920 Fips |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2020-8300.
What is the severity level of CVE-2020-8300?
The severity level of CVE-2020-8300 is medium.
What is the affected software for CVE-2020-8300?
The affected software for CVE-2020-8300 includes Citrix ADC, Citrix/NetScaler Gateway, and Citrix Application Delivery Controller Firmware.
What is the impact of CVE-2020-8300?
CVE-2020-8300 allows for improper access control, which can lead to SAML authentication hijack through a phishing attack and the ability to steal a valid user session.
Where can I find more information about CVE-2020-8300?
You can find more information about CVE-2020-8300 at the following reference: [Citrix Support](https://support.citrix.com/article/CTX297155)
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/description
- agent/type
- agent/event
- vendor/citrix
- canonical/citrix gateway
- version/citrix gateway/12.1
- version/citrix gateway/13.0
- canonical/citrix netscaler gateway
- version/citrix netscaler gateway/11.1
- canonical/citrix application delivery controller firmware
- version/citrix application delivery controller firmware/11.1
- version/citrix application delivery controller firmware/12.1
- version/citrix application delivery controller firmware/13.0
- canonical/citrix application delivery controller
- canonical/citrix mpx\/sdx 14030 fips
- canonical/citrix mpx\/sdx 14060 fips
- canonical/citrix mpx\/sdx 14080 fips
- canonical/citrix mpx 15030-50g fips
- canonical/citrix mpx 15040-50g fips
- canonical/citrix mpx 15060-50g fips
- canonical/citrix mpx 15080-50g fips
- canonical/citrix mpx 15100-50g fips
- canonical/citrix mpx 15120-50g fips
- canonical/citrix mpx 8905 fips
- canonical/citrix mpx 8910 fips
- canonical/citrix mpx 8920 fips