CVE-2020-8299 - OpenCVE

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Citrix	Application Delivery Controller Application Delivery Controller Firmware Gateway Mpx\/sdx 14030 Fips Mpx\/sdx 14060 Fips Mpx\/sdx 14080 Fips Mpx 15030-50g Fips Mpx 15040-50g Fips Mpx 15060-50g Fips Mpx 15080-50g Fips Mpx 15100-50g Fips Mpx 15120-50g Fips Mpx 8905 Fips Mpx 8910 Fips Mpx 8920 Fips Netscaler Gateway Sd-wan Wanop

Configuration 1 [-]

OR	cpe:2.3:a:citrix:gateway::::::::
	cpe:2.3:a:citrix:gateway::::::::
	cpe:2.3:a:citrix:netscaler_gateway::::::::

Configuration 2 [-]

AND

cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:citrix:application_delivery_controller_firmware::::::::
	cpe:2.3:o:citrix:application_delivery_controller_firmware::::::::
	cpe:2.3:o:citrix:application_delivery_controller_firmware::::::::

Configuration 3 [-]

AND

OR	cpe:2.3:h:citrix:mpx\/sdx_14030_fips:-:::::::*
	cpe:2.3:h:citrix:mpx\/sdx_14060_fips:-:::::::*
	cpe:2.3:h:citrix:mpx\/sdx_14080_fips:-:::::::*
	cpe:2.3:h:citrix:mpx_15030-50g_fips:-:::::::*
	cpe:2.3:h:citrix:mpx_15040-50g_fips:-:::::::*
	cpe:2.3:h:citrix:mpx_15060-50g_fips:-:::::::*
	cpe:2.3:h:citrix:mpx_15080-50g_fips:-:::::::*
	cpe:2.3:h:citrix:mpx_15100-50g_fips:-:::::::*
	cpe:2.3:h:citrix:mpx_15120-50g_fips:-:::::::*
	cpe:2.3:h:citrix:mpx_8905_fips:-:::::::*
	cpe:2.3:h:citrix:mpx_8910_fips:-:::::::*
	cpe:2.3:h:citrix:mpx_8920_fips:-:::::::*

cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:o:citrix:sd-wan_wanop::::::::
	cpe:2.3:o:citrix:sd-wan_wanop::::::::
	cpe:2.3:o:citrix:sd-wan_wanop::::::::
	cpe:2.3:o:citrix:sd-wan_wanop::::::::

No data.

References

Link	Providers
https://support.citrix.com/article/CTX297155

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2021-06-16T13:08:22

Updated: 2024-08-04T09:56:28.408Z

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8299

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-16T14:15:08.107

Modified: 2021-06-24T20:23:38.283

Link: CVE-2020-8299

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object