CVE-2020-8197
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
10/07/2020
Last modified:
21/07/2021
Description
Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* | 10.5 (including) | 10.5-70.18 (excluding) |
| cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* | 11.1 (including) | 11.1-64.14 (excluding) |
| cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* | 12.0 (including) | 12.0-63.21 (excluding) |
| cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* | 12.1 (including) | 12.1-57.18 (excluding) |
| cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* | 13.0 (including) | 13.0-58.30 (excluding) |
| cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:* | 10.5 (including) | 10.5-70.18 (excluding) |
| cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:* | 11.1 (including) | 11.1-64.14 (excluding) |
| cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:* | 12.0 (including) | 12.0-63.21 (excluding) |
| cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:* | 12.1 (including) | 12.1-57.18 (excluding) |
| cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:* | 13.0 (including) | 13.0-58.30 (excluding) |
| cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page