CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS: 0.001 Low
Percentile: 32.5%

Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in the following security issues:
CVE-ID | Description | CWE | Affected Products | Pre-conditions |
---|---|---|---|---|
CVE-2020-8299 | Network-based denial-of-service from within the same Layer 2 network segment | CWE-400: Uncontrolled Resource Consumption | Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition | The attacker machine must be in the same Layer 2 network segment as the vulnerable appliance |
CVE-2020-8300 | SAML authentication hijack through a phishing attack to steal a valid user session | CWE-284: Improper access control | Citrix ADC, Citrix Gateway | Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP |
The following supported versions of Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition are affected by CVE-2020-8299:
The following supported versions of Citrix ADC and Citrix Gateway are affected by CVE-2020-8300:
These issues have already been addressed in Citrix-managed cloud services such as Citrix Gateway Service and Citrix Secure Workspace Access. Customers using Citrix-managed services do not need to take any additional action.
CPE | Name | Operator | Version |
---|---|---|---|
citrix adc | ge | 13.0 | |
citrix adc | le | 76.29 | |
citrix adc | ge | 14.0.0 | |
citrix adc | ge | 15.0.0 | |
citrix adc | ge | 16.0.0 | |
citrix adc | ge | 17.0.0 | |
citrix adc | ge | 18.0.0 | |
citrix adc | ge | 19.0.0 | |
citrix adc | ge | 20.0.0 | |
citrix adc | ge | 21.0.0 |