Improper input validation in Citrix Adc, Gateway, Sdwan Wan-op
CVE-2020-8195
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information d…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.717 (98.8th percentile) — read the EPSS interpretation.
Affected products
- N/a Citrix Adc, Gateway, Sdwan Wan-op — versions Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7
Weakness classification (CWE)
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Public proof-of-concept exploits
References
- support.citrix.com/article/CTX276688 (x_refsource_MISC)
- packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-8195?
- CVE-2020-8195 is a vulnerability in Citrix Adc, Gateway, Sdwan Wan-op, classified under Improper Input Validation. Published 2020-07-10.
- Is CVE-2020-8195 known to be exploited?
- Yes. CVE-2020-8195 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating it is being actively exploited. 15 public proof-of-concept repositories are indexed.