[ SB 20.15 ] Auth-Bypass in Citrix-Gateways/ADC (CVE-2020-8193)

Citrix has published an advisory for a critical vulnerability that allows an attacker with access to the management interface of Citrix ADC, Citrix Gateway or Citrix SD-WAN WANOP to achieve full system compromise.

While Citrix did not provide a CVSS score, we expect it to be 9.0 or above.

From the advisory:

Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in a number of security issues including:

Attacks that are limited to the management interface (3,400 instances exposed online):

  • System compromise by an unauthenticated user on the management network.
  • System compromise through Cross Site Scripting (XSS) on the management interface.
  • Creation of a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, may result in the compromise of their local computer.


Questions? Contact: info@zero.bs