
Citrix ADC - Arbitrary File Read (CVE-2020-8193, CVE-2020-8195, CVE-2020-8196)

Severity
CVSSv3 Score: 6.5
Vulnerability description

Citrix ADC, Citrix Gateway, NetScaler Gateway and Citrix SD-WAN WANOP are affected by an Arbitrary File Read vulnerability that is reachable through an authorization bypass (CVE-2020-8193). The root cause is that the server does not properly restrict access to the vulnerable exposed endpoint. An attacker can send crafted requests to the NSIP address to bypass the administration login. This in turn exposes the information disclosure vulnerabilities (CVE-2020-8195, CVE-2020-8196), which let the attacker view sensitive files, including configuration files.

Risk description

A remote unauthenticated attacker can read any file on the server and steal confidential information.

Exploit capabilities

Sniper can read arbitrary files from the target system and extract them as evidence.

Recommendation

Apply the latest patch, which fixes this vulnerability.

Codename: Not available
Detectable with: Network Scanner
Exploitable with Sniper: Yes
Vuln date: Jul 2020
Published at:
Updated at:
Software Type: Firewall
Vendor: Citrix
Product: ADC/Gateway