Citrix ADC - Reflected Code Injection (CVE-2020-8194)
- Severity
- CVSSv3 Score
- 6.5
- Vulnerability description
Citrix ADC/Gateway/NetScaler is affected by a Reflected Code Injection vulnerability. The root cause is that the server does not properly validate user input. An unauthenticated attacker can execute arbitrary code on the server, such as reading/writing files or creating/deleting a directory.
- Risk description
A remote unauthenticated attacker can read any file on the server in order to steal confidential information, or execute limited arbitrary code.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Apply the latest updates for the Citrix ADC/Gateway.
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- Jul 2020
- Published at
- Updated at
- Software Type
- Firewall
- Vendor
- Citrix
- Product
- ADC/Gateway