Vulnerabilities > CVE-2020-8190 - Improper Preservation of Permissions vulnerability in Citrix products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

citrix

CWE-281

NVD

Published: 2020-07-10

Updated: 2020-07-13

Summary

Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.

Vulnerable Configurations

Part	Description	Count
OS	Citrix Citrix Application Delivery Controller Firmware 10.5 Citrix Application Delivery Controller Firmware 11.1 Citrix Application Delivery Controller Firmware 12.0 Citrix Application Delivery Controller Firmware 12.1 Citrix Application Delivery Controller Firmware 12.1-55.238 Citrix Application Delivery Controller Firmware 12.1-55.291 Citrix Application Delivery Controller Firmware 13.0 Citrix Netscaler Gateway Firmware 10.5 Citrix Netscaler Gateway Firmware 11.1 Citrix Netscaler Gateway Firmware 12.0 Citrix Netscaler Gateway Firmware 12.1 Citrix Gateway Firmware 13.0	15
Hardware	Citrix Citrix Application Delivery Controller - Citrix Netscaler Gateway - Citrix Gateway -	3

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://support.citrix.com/article/CTX276688