Details of VAR-202009-1270

ID

VAR-202009-1270

CVE

CVE-2020-8247

TITLE

plural Citrix Product permission management vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-011868

DESCRIPTION

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface. plural Citrix The product contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Citrix Application Delivery Controller is an application delivery controller. The product has features such as application delivery control and load balancing. Several Citrix Systems products contain security vulnerabilities that could allow attackers to escalate privileges on the management interface

Trust: 1.71

sources: NVD: CVE-2020-8247 // JVNDB: JVNDB-2020-011868 // VULHUB: VHN-186372

AFFECTED PRODUCTS

vendor:	citrix	model:	application delivery controller	scope:	gte	version:	11.1	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	gte	version:	13.0	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	11.1-65.12	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	lt	version:	13.0-64.35	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	gte	version:	11.1	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	gte	version:	12.1	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	lt	version:	11.2.1a	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	lt	version:	11.0.3f	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	12.1-58.15	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	13.0-64.35	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	lt	version:	11.1.2a	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	12.1-58.15	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	gte	version:	11.0	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	gte	version:	13.0	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	gte	version:	12.1	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	gte	version:	10.2	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	lt	version:	10.2.7b	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	lt	version:	11.1-65.12	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	gte	version:	11.1	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	gte	version:	11.2	Trust: 1.0
vendor:	シトリックスシステムズ	model:	citrix application delivery controller	scope:	-	version:	-	Trust: 0.8
vendor:	シトリックスシステムズ	model:	citrix gateway	scope:	-	version:	-	Trust: 0.8
vendor:	シトリックスシステムズ	model:	netscaler gateway	scope:	-	version:	-	Trust: 0.8
vendor:	シトリックスシステムズ	model:	citrix sdwan wan-op	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-011868 // NVD: CVE-2020-8247

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8247
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-8247
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202009-1056
value:	HIGH
Trust: 0.6
VULHUB:	VHN-186372
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-8247
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186372
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8247
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8247
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186372 // JVNDB: JVNDB-2020-011868 // CNNVD: CNNVD-202009-1056 // NVD: CVE-2020-8247

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.1
problemtype:	Improper authority management (CWE-269) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186372 // JVNDB: JVNDB-2020-011868 // NVD: CVE-2020-8247

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1056

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-1056

PATCH

title:	CTX281474	url:	https://support.citrix.com/article/CTX281474	Trust: 0.8
title:	Citrix Systems Various product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128763	Trust: 0.6

sources: JVNDB: JVNDB-2020-011868 // CNNVD: CNNVD-202009-1056

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8247	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-011868	Trust: 0.8
db:	CNNVD	id:	CNNVD-202009-1056	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3198	Trust: 0.6
db:	VULHUB	id:	VHN-186372	Trust: 0.1

sources: VULHUB: VHN-186372 // JVNDB: JVNDB-2020-011868 // CNNVD: CNNVD-202009-1056 // NVD: CVE-2020-8247

REFERENCES

url:	https://support.citrix.com/article/ctx281474	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8247	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3198/	Trust: 0.6

sources: VULHUB: VHN-186372 // JVNDB: JVNDB-2020-011868 // CNNVD: CNNVD-202009-1056 // NVD: CVE-2020-8247

SOURCES

db:	VULHUB	id:	VHN-186372
db:	JVNDB	id:	JVNDB-2020-011868
db:	CNNVD	id:	CNNVD-202009-1056
db:	NVD	id:	CVE-2020-8247

LAST UPDATE DATE

2024-11-23T21:59:01.313000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186372	date:	2020-10-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-011868	date:	2021-04-19T02:17:00
db:	CNNVD	id:	CNNVD-202009-1056	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2020-8247	date:	2024-11-21T05:38:35.100

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186372	date:	2020-09-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-011868	date:	2021-04-19T00:00:00
db:	CNNVD	id:	CNNVD-202009-1056	date:	2020-09-18T00:00:00
db:	NVD	id:	CVE-2020-8247	date:	2020-09-18T21:15:13.327