CVE-2020-8246 - OpenCVE

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Citrix	Netscaler Gateway Application Delivery Controller Sd-wan Wanop Gateway Application Delivery Controller Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:citrix:application_delivery_controller_firmware::::::::
	cpe:2.3:o:citrix:application_delivery_controller_firmware::::::::
	cpe:2.3:o:citrix:application_delivery_controller_firmware::::::::

cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:citrix:gateway::::::::
	cpe:2.3:a:citrix:gateway::::::::
	cpe:2.3:a:citrix:netscaler_gateway::::::::

Configuration 3 [-]

AND

OR	cpe:2.3:o:citrix:sd-wan_wanop::::::::
	cpe:2.3:o:citrix:sd-wan_wanop::::::::
	cpe:2.3:o:citrix:sd-wan_wanop::::::::
	cpe:2.3:o:citrix:sd-wan_wanop::::::::

cpe:2.3:h:citrix:sd-wan_wanop:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.citrix.com/article/CTX281474	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2020-09-18T20:12:26

Updated: 2020-09-18T20:12:26

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8246

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-18T21:15:13.263

Modified: 2020-10-07T15:43:45.350

Link: CVE-2020-8246

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"containers": {"cna": {"affected": [{"product": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP ", "vendor": "n/a", "versions": [{"status": "affected", "version": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b"}]}], "descriptions": [{"lang": "en", "value": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "Denial of Service (CWE-400)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-18T20:12:26", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.citrix.com/article/CTX281474"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8246", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP ", "version": {"version_data": [{"version_value": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service (CWE-400)"}]}]}, "references": {"reference_data": [{"name": "https://support.citrix.com/article/CTX281474", "refsource": "MISC", "url": "https://support.citrix.com/article/CTX281474"}]}}}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8246", "datePublished": "2020-09-18T20:12:26", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2020-09-18T20:12:26", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD2A238E-72C4-4D74-B902-2EE8E602AAC1", "versionEndExcluding": "11.1-65.12", "versionStartIncluding": "11.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C991579-B6B8-4F07-9AF9-739452F1F5AA", "versionEndExcluding": "12.1-58.15", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED09F4AE-DCC6-4C7D-BFA1-D22E16893C97", "versionEndExcluding": "13.0-64.35", "versionStartIncluding": "13.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F98105E-37A4-46F4-BA82-A8E95372A370", "versionEndExcluding": "11.1-65.12", "versionStartIncluding": "11.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "178C6CA9-0068-4225-A209-E13A880ED188", "versionEndExcluding": "13.0-64.35", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFAC08D1-1FE8-4910-9D50-F167537C7C91", "versionEndExcluding": "12.1-58.15", "versionStartIncluding": "12.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", "matchCriteriaId": "D76AEFBD-225E-45D3-B604-CAF0032BA861", "versionEndExcluding": "10.2.7b", "versionStartIncluding": "10.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", "matchCriteriaId": "7296BF8E-186C-4279-AF08-C3D1282322F0", "versionEndExcluding": "11.0.3f", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", "matchCriteriaId": "92806100-D243-43CC-ACA7-DF9E95E2740D", "versionEndExcluding": "11.1.2a", "versionStartIncluding": "11.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FB67ED6-6586-4280-A521-E1EDA81C68BE", "versionEndExcluding": "11.2.1a", "versionStartIncluding": "11.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:citrix:sd-wan_wanop:-:*:*:*:*:*:*:*", "matchCriteriaId": "10F0ACFD-9D48-43F6-A45C-D5F0313BB952", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network."}, {"lang": "es", "value": "Citrix ADC y Citrix Gateway versiones 13.0 anteriores a 13.0-64.35, Citrix ADC y NetScaler Gateway versiones 12.1 anteriores a 12.1-58.15, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.187, Citrix ADC y NetScaler Gateway versi\u00f3n 12.0, Citrix ADC y NetScaler Gateway versiones 11.1 anteriores a 11.1-65.12, Citrix SD-WAN WANOP versiones 11.2 anteriores a 11.2.1a, Citrix SD-WAN WANOP versiones 11.1 anteriores a 11.1.2a, Citrix SD-WAN WANOP versiones 11.0 anteriores a 11.0.3f, Citrix SD-WAN WANOP versiones 10.2 anteriores a 10.2.7b, son vulnerables a un ataque de denegaci\u00f3n de servicio que se origina en la red de administraci\u00f3n"}], "id": "CVE-2020-8246", "lastModified": "2020-10-07T15:43:45.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-18T21:15:13.263", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX281474"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "support@hackerone.com", "type": "Secondary"}]}