Citrix ADC - Arbitrary File Read (CVE-2020-8193, CVE-2020-8195, CVE-2020-8196)
- Severity
- CVSSv3 Score
- 6.5
- Vulnerability description
Citrix ADC, Citrix Gateway, NetScaler Gateway and Citrix SD-WAN WANOP are affected by an arbitrary file read vulnerability that is reachable through an authorization bypass. The root cause is that the server does not properly restrict access to the vulnerable exposed endpoint. An attacker can send crafted requests to the NSIP address to bypass the administration login. This can lead to information disclosure vulnerabilities (CVE-2020-8195, CVE-2020-8196), where an attacker can view sensitive files, including configuration files.
- Risk description
A remote unauthenticated attacker can read any file on the server and use this to steal confidential information.
- Exploit capabilities
Sniper can read arbitrary files from the target system and extract them as evidence.
- Recommendation
Apply the latest patch, which fixes this vulnerability.
- References
https://nvd.nist.gov/vuln/detail/CVE-2020-8193
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- Jul 2020
- Published at
- Updated at
- Software Type
- Firewall
- Vendor
- Citrix
- Product
- ADC/Gateway