Lucene search

HackeroneCVE-2020-8190

HistoryJul 10, 2020 - 4:15 p.m.

CVE-2020-8190

2020-07-1016:15:12

CWE-281

hackerone

web.nvd.nist.gov

In Wild

cve

2020

8190

incorrect file permissions

citrix adc

citrix gateway

privilege escalation

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.

Affected configurations

Nvd

Node

citrixapplication_delivery_controllerMatch-

AND

citrixapplication_delivery_controller_firmwareRange10.5–10.5-70.18

citrixapplication_delivery_controller_firmwareRange11.1–11.1-64.14

citrixapplication_delivery_controller_firmwareRange12.0–12.0-63.21

citrixapplication_delivery_controller_firmwareRange12.1–12.1-57.18

citrixapplication_delivery_controller_firmwareRange13.0–13.0-58.30

Node

citrixnetscaler_gatewayMatch-

AND

citrixnetscaler_gateway_firmwareRange10.5–10.5-70.18

citrixnetscaler_gateway_firmwareRange11.1–11.1-64.14

citrixnetscaler_gateway_firmwareRange12.0–12.0-63.21

citrixnetscaler_gateway_firmwareRange12.1–12.1-57.18

Node

citrixgatewayMatch-

AND

citrixgateway_firmwareRange13.0–13.0-58.30

VendorProductVersionCPE
citrixapplication_delivery_controller-cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*
citrixapplication_delivery_controller_firmware*cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*
citrixnetscaler_gateway-cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*
citrixnetscaler_gateway_firmware*cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*
citrixgateway-cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*
citrixgateway_firmware*cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
citrix	application_delivery_controller	-	cpe:2.3:h:citrix:application_delivery_controller:-:::::::*
citrix	application_delivery_controller_firmware	*	cpe:2.3:o:citrix:application_delivery_controller_firmware::::::::
citrix	netscaler_gateway	-	cpe:2.3:h:citrix:netscaler_gateway:-:::::::*
citrix	netscaler_gateway_firmware	*	cpe:2.3:o:citrix:netscaler_gateway_firmware::::::::
citrix	gateway	-	cpe:2.3:h:citrix:gateway:-:::::::*
citrix	gateway_firmware	*	cpe:2.3:o:citrix:gateway_firmware::::::::

CNA Affected

[
  {
    "product": "Citrix ADC, Citrix Gateway",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18"
      }
    ]
  }
]

References

support.citrix.com/article/CTX276688

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Related for CVE-2020-8190