Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8300

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.

Published

2021-06-16T14:15:08.440

Last Modified

2024-11-21T05:38:41.320

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-284
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application citrix gateway < 12.1-62.23 Yes
Application citrix gateway < 13.0-82.41 Yes
Application citrix netscaler_gateway < 11.1-65.20 Yes
Operating System citrix application_delivery_controller_firmware < 11.1-65.20 Yes
Operating System citrix application_delivery_controller_firmware < 12.1-62.23 Yes
Operating System citrix application_delivery_controller_firmware < 13.0-82.41 Yes
Hardware citrix application_delivery_controller - No
Operating System citrix application_delivery_controller_firmware < 12.1-55.238 Yes
Hardware citrix mpx\/sdx_14030_fips - No
Hardware citrix mpx\/sdx_14060_fips - No
Hardware citrix mpx\/sdx_14080_fips - No
Hardware citrix mpx_15030-50g_fips - No
Hardware citrix mpx_15040-50g_fips - No
Hardware citrix mpx_15060-50g_fips - No
Hardware citrix mpx_15080-50g_fips - No
Hardware citrix mpx_15100-50g_fips - No
Hardware citrix mpx_15120-50g_fips - No
Hardware citrix mpx_8905_fips - No
Hardware citrix mpx_8910_fips - No
Hardware citrix mpx_8920_fips - No
References