CVE-2020-8193 — Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability
2021-11-03 • CISA Known Exploited Vulnerability
[event] Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Citrix |
| Product | Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance |
| CWE | CWE-284 |
| CVE ID | CVE-2020-8193 |
| Date Added | 2021-11-03 |
| Due Date | 2022-05-03 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-05-03