Rewterz Threat Advisory – CVE-2020-8246 – Citrix Application Delivery Controller denial of service
September 21, 2020Rewterz Threat Advisory – CVE-2020-16202 – Advantech WebAccess Node privilege escalation
September 21, 2020Rewterz Threat Advisory – CVE-2020-8246 – Citrix Application Delivery Controller denial of service
September 21, 2020Rewterz Threat Advisory – CVE-2020-16202 – Advantech WebAccess Node privilege escalation
September 21, 2020Severity
High
Analysis Summary
Citrix Application Delivery Controller, Citrix Gateway and Citrix SD-WAN WANOP appliance models could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an error in the management interface. An attacker could exploit this vulnerability to execute arbitrary commands on the management interface with elevated privileges.
Impact
Privilege escalation
Affected Vendors
Citrix
Affected Products
- Citrix Gateway 11.1
- Citrix Gateway 12.1
- Citrix Gateway 13.0
- Citrix Application Delivery Controller (ADC) 11.1
- Citrix Application Delivery Controller (ADC) 12.1
- Citrix Application Delivery Controller (ADC) 13.0
- Citrix SD-WAN WANOP 11.0
- Citrix SD-WAN WANOP 11.1
- Citrix SD-WAN WANOP 11.2
- Citrix SD-WAN WANOP 10.0
Remediation
Refer to CTX281474 for patch, upgrade or suggested workaround information.