CVE-2020-8196

MEDIUM KEV RANSOMWARE

Citrix ADC/Gateway <13.0-58.30 - Info Disclosure

Title source: llm

Description

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

References (3)

Scores

CVSS v3 4.3
EPSS 0.6620
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitation Intel

CISA KEV 2021-11-03
VulnCheck KEV 2020-09-15
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2020-29073
Ransomware Use Confirmed

Classification

CWE
CWE-284 CWE-287
Status published

Affected Products (4)

citrix/application_delivery_controller_firmware < 10.5-70.18
citrix/netscaler_gateway_firmware < 10.5-70.18
citrix/gateway_firmware < 13.0-58.30
citrix/sd-wan_wanop < 10.2.7

Timeline

Published Jul 10, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026