
Citrix ADC - Reflected Code Injection (CVE-2020-8194)

Severity
CVSSv3 Score: 6.5
Vulnerability description

Citrix ADC/Gateway/Netscaler is affected by a Reflected Code Injection vulnerability. The root cause is that the server does not properly validate user input. An unauthenticated attacker can execute arbitrary code on the server, such as reading or writing files or creating or deleting a directory.

Risk description

A remote unauthenticated attacker can read any file on the server in order to steal confidential information, or execute limited arbitrary code.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation

Apply the latest updates for the Citrix ADC/Gateway.

Codename: Not available
Detectable with: Network Scanner
Exploitable with Sniper: Yes
Vuln date: Jul 2020
Published at:
Updated at:
Software Type: Firewall
Vendor: Citrix
Product: ADC/Gateway