CVE-2020-8193

MEDIUM KEV NUCLEI

Citrix ADC/Gateway <13.0-58.30 - Info Disclosure

Title source: llm

Description

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.

Exploits (5)

nomisec WORKING POC 86 stars
by jas502n · infoleak
https://github.com/jas502n/CVE-2020-8193
nomisec WORKING POC 45 stars
by Airboi · remote
https://github.com/Airboi/Citrix-ADC-RCE-CVE-2020-8193
nomisec SCANNER 8 stars
by PR3R00T · remote
https://github.com/PR3R00T/CVE-2020-8193-Citrix-Scanner
nomisec WRITEUP 6 stars
by Zeop-CyberSec · remote
https://github.com/Zeop-CyberSec/citrix_adc_netscaler_lfi
nomisec WORKING POC 2 stars
by ctlyz123 · poc
https://github.com/ctlyz123/CVE-2020-8193

Nuclei Templates (1)

Citrix - Local File Inclusion
MEDIUMby pdteam

References (3)

Scores

CVSS v3 6.5
EPSS 0.9432
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitation Intel

CISA KEV 2021-11-03
VulnCheck KEV 2020-09-15
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2020-29070

Classification

CWE
CWE-284 CWE-287
Status published

Affected Products (4)

citrix/application_delivery_controller_firmware < 10.5-70.18
citrix/netscaler_gateway_firmware < 10.5-70.18
citrix/gateway_firmware < 13.0-58.30
citrix/sd-wan_wanop < 10.2.7

Timeline

Published Jul 10, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026