Details of VAR-202009-1269

ID

VAR-202009-1269

CVE

CVE-2020-8246

TITLE

plural Citrix Resource depletion vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-011867

DESCRIPTION

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network. plural Citrix The product contains a resource depletion vulnerability.Denial of service (DoS) It may be put into a state. Citrix Application Delivery Controller is an application delivery controller. The product has features such as application delivery control and load balancing. Many Citrix Systems products have resource management vulnerabilities, which originate from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Trust: 1.71

sources: NVD: CVE-2020-8246 // JVNDB: JVNDB-2020-011867 // VULHUB: VHN-186371

AFFECTED PRODUCTS

vendor:	citrix	model:	application delivery controller	scope:	gte	version:	11.1	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	gte	version:	13.0	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	11.1-65.12	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	lt	version:	13.0-64.35	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	gte	version:	11.1	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	gte	version:	12.1	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	lt	version:	11.2.1a	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	lt	version:	11.0.3f	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	12.1-58.15	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	13.0-64.35	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	lt	version:	11.1.2a	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	12.1-58.15	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	gte	version:	11.0	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	gte	version:	13.0	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	gte	version:	12.1	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	gte	version:	10.2	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	lt	version:	10.2.7b	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	lt	version:	11.1-65.12	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	gte	version:	11.1	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	gte	version:	11.2	Trust: 1.0
vendor:	シトリックスシステムズ	model:	citrix application delivery controller	scope:	-	version:	-	Trust: 0.8
vendor:	シトリックスシステムズ	model:	citrix gateway	scope:	-	version:	-	Trust: 0.8
vendor:	シトリックスシステムズ	model:	netscaler gateway	scope:	-	version:	-	Trust: 0.8
vendor:	シトリックスシステムズ	model:	citrix sdwan wan-op	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-011867 // NVD: CVE-2020-8246

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8246
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-8246
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202009-1055
value:	HIGH
Trust: 0.6
VULHUB:	VHN-186371
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-8246
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186371
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8246
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8246
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186371 // JVNDB: JVNDB-2020-011867 // CNNVD: CNNVD-202009-1055 // NVD: CVE-2020-8246

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	Resource exhaustion (CWE-400) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186371 // JVNDB: JVNDB-2020-011867 // NVD: CVE-2020-8246

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1055

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1055

PATCH

title:	CTX281474	url:	https://support.citrix.com/article/CTX281474	Trust: 0.8
title:	Citrix Systems Various product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128762	Trust: 0.6

sources: JVNDB: JVNDB-2020-011867 // CNNVD: CNNVD-202009-1055

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8246	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-011867	Trust: 0.8
db:	CNNVD	id:	CNNVD-202009-1055	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3198	Trust: 0.6
db:	VULHUB	id:	VHN-186371	Trust: 0.1

sources: VULHUB: VHN-186371 // JVNDB: JVNDB-2020-011867 // CNNVD: CNNVD-202009-1055 // NVD: CVE-2020-8246

REFERENCES

url:	https://support.citrix.com/article/ctx281474	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8246	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3198/	Trust: 0.6

sources: VULHUB: VHN-186371 // JVNDB: JVNDB-2020-011867 // CNNVD: CNNVD-202009-1055 // NVD: CVE-2020-8246

SOURCES

db:	VULHUB	id:	VHN-186371
db:	JVNDB	id:	JVNDB-2020-011867
db:	CNNVD	id:	CNNVD-202009-1055
db:	NVD	id:	CVE-2020-8246

LAST UPDATE DATE

2024-11-23T21:59:01.263000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186371	date:	2020-10-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-011867	date:	2021-04-19T02:17:00
db:	CNNVD	id:	CNNVD-202009-1055	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2020-8246	date:	2024-11-21T05:38:34.983

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186371	date:	2020-09-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-011867	date:	2021-04-19T00:00:00
db:	CNNVD	id:	CNNVD-202009-1055	date:	2020-09-18T00:00:00
db:	NVD	id:	CVE-2020-8246	date:	2020-09-18T21:15:13.263