CVE-2020-8299

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.

Published: Jun 16, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-8299
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 3.3
AV:A/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
citrix / netscaler_gateway	11.1	11.1-65.20
citrix / gateway	12.1	12.1-61.18
citrix / gateway	13.0	13.0-76.29
citrix / application_delivery_controller_firmware	11.1	11.1-65.20
citrix / application_delivery_controller_firmware	12.1	12.1-61.18
citrix / application_delivery_controller_firmware	13.0	13.0-76.29
citrix / application_delivery_controller_firmware	12.1	12.1-55.238
citrix / sd-wan_wanop	11.3	11.3.2
citrix / sd-wan_wanop	11.1	11.1.2c
citrix / sd-wan_wanop	11.2	11.2.3a
citrix / sd-wan_wanop	10.2	10.2.9a

https://support.citrix.com/article/CTX297155

Vulnerability Database

289,689

CVE-2020-8299