Details of VAR-202106-0490

ID

VAR-202106-0490

CVE

CVE-2020-8299

TITLE

plural Citrix Resource depletion vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-008429

DESCRIPTION

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance. plural Citrix The product contains a resource depletion vulnerability.Denial of service (DoS) It may be put into a state. Citrix Application Delivery Controller (ADC) is an application delivery controller. Nim, etc. are all products of the Nim (Nim) community. Nim is a statically typed programming language. There are resource management error vulnerabilities in many Citix products. This vulnerability originates from improper management of system resources by network systems or products. Attackers can use this vulnerability to cause denial of service

Trust: 1.71

sources: NVD: CVE-2020-8299 // JVNDB: JVNDB-2021-008429 // VULHUB: VHN-186424

AFFECTED PRODUCTS

vendor:	citrix	model:	gateway	scope:	lt	version:	12.1-61.18	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	lt	version:	10.2.9a	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	gte	version:	11.1	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	gte	version:	11.1	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	11.1-65.20	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	lt	version:	11.2.3a	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	lt	version:	11.3.2	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	12.1-55.238	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	13.0-76.29	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	lt	version:	11.1.2c	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	gte	version:	12.1	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	12.1-61.18	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	gte	version:	11.3	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	gte	version:	11.1	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	11.1-65.20	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	gte	version:	13.0	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	gte	version:	11.2	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	gte	version:	12.1	Trust: 1.0
vendor:	citrix	model:	sd-wan wanop	scope:	gte	version:	10.2	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	lt	version:	13.0-76.29	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	gte	version:	13.0	Trust: 1.0
vendor:	シトリックスシステムズ	model:	citrix gateway	scope:	-	version:	-	Trust: 0.8
vendor:	シトリックスシステムズ	model:	netscaler gateway	scope:	-	version:	-	Trust: 0.8
vendor:	シトリックスシステムズ	model:	citrix application delivery controller	scope:	-	version:	-	Trust: 0.8
vendor:	シトリックスシステムズ	model:	citrix sdwan wan-op	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-008429 // NVD: CVE-2020-8299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8299
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-8299
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202106-722
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-186424
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-8299
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186424
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8299
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8299
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186424 // JVNDB: JVNDB-2021-008429 // CNNVD: CNNVD-202106-722 // NVD: CVE-2020-8299

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	Resource exhaustion (CWE-400) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186424 // JVNDB: JVNDB-2021-008429 // NVD: CVE-2020-8299

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202106-722

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202106-722

PATCH

title:	CTX297155	url:	https://support.citrix.com/article/CTX297155	Trust: 0.8
title:	Citrix Systems NetScaler Gateway Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155265	Trust: 0.6

sources: JVNDB: JVNDB-2021-008429 // CNNVD: CNNVD-202106-722

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8299	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-008429	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.1992	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-722	Trust: 0.6
db:	VULHUB	id:	VHN-186424	Trust: 0.1

sources: VULHUB: VHN-186424 // JVNDB: JVNDB-2021-008429 // CNNVD: CNNVD-202106-722 // NVD: CVE-2020-8299

REFERENCES

url:	https://support.citrix.com/article/ctx297155	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8299	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.1992	Trust: 0.6

sources: VULHUB: VHN-186424 // JVNDB: JVNDB-2021-008429 // CNNVD: CNNVD-202106-722 // NVD: CVE-2020-8299

SOURCES

db:	VULHUB	id:	VHN-186424
db:	JVNDB	id:	JVNDB-2021-008429
db:	CNNVD	id:	CNNVD-202106-722
db:	NVD	id:	CVE-2020-8299

LAST UPDATE DATE

2024-08-14T13:23:32.791000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186424	date:	2021-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-008429	date:	2022-03-16T07:24:00
db:	CNNVD	id:	CNNVD-202106-722	date:	2021-06-28T00:00:00
db:	NVD	id:	CVE-2020-8299	date:	2021-06-24T20:23:38.283

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186424	date:	2021-06-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-008429	date:	2022-03-16T00:00:00
db:	CNNVD	id:	CNNVD-202106-722	date:	2021-06-09T00:00:00
db:	NVD	id:	CVE-2020-8299	date:	2021-06-16T14:15:08.107