Citrix ADC - Reflected Code Injection (CVE-2020-8194)

Name: Citrix ADC - Reflected Code Injection (CVE-2020-8194)
Published: 2021-09-15T00:00:00.000Z

Severity
CVE: CVE-2020-8194
CVSSv3 Score: 6.5
Exploitable with Sniper: Yes
Vulnerability description: Citrix ADC/Gateway/Netscaler is affected by a Reflected Code Injection vulnerability. The root cause of this vulnerability is that the server did not properly validate the user input. An unauthenticated attacker can execute arbitrary code on the server, like reading/writing files or creating/deleting a directory.
Exploit capabilities: Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
Risk description: The risk exists that a remote unauthenticated attacker can read any file on the server in order to steal confidential information or execute limited arbitrary code.
Recommendation: Apply the latest updates for the Citrix ADC/Gateway.
References: https://nvd.nist.gov/vuln/detail/CVE-2020-8194
Detectable with: Network Scanner
Vuln date: Jul 2020
Published at: Sep 2021
Updated at: Sep 2021
Software Type: Firewall
Vendor: Citrix
Product: ADC/Gateway
Codename: Not available