Rewterz

Rewterz Threat Advisory – CVE-2020-8246 – Citrix Application Delivery Controller denial of service

September 21, 2020
Rewterz

Rewterz Threat Advisory – CVE-2020-16202 – Advantech WebAccess Node privilege escalation

September 21, 2020

Rewterz Threat Advisory – CVE-2020-8247 – Citrix Application Delivery Controller privilege escalation

Severity

High

Analysis Summary

Citrix Application Delivery Controller, Citrix Gateway and Citrix SD-WAN WANOP appliance models could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an error in the management interface. An attacker could exploit this vulnerability to execute arbitrary commands on the management interface with elevated privileges.

Impact

Privilege escalation

Affected Vendors

Citrix

Affected Products

  • Citrix Gateway 11.1
  • Citrix Gateway 12.1
  • Citrix Gateway 13.0
  • Citrix Application Delivery Controller (ADC) 11.1
  • Citrix Application Delivery Controller (ADC) 12.1
  • Citrix Application Delivery Controller (ADC) 13.0
  • Citrix SD-WAN WANOP 11.0
  • Citrix SD-WAN WANOP 11.1
  • Citrix SD-WAN WANOP 11.2
  • Citrix SD-WAN WANOP 10.0

Remediation

Refer to CTX281474 for patch, upgrade or suggested workaround information.

https://support.citrix.com/article/CTX281474

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.