CVE-2020-8195

CVE Database · CVE-2020-8195

CVE-2020-8195

· MEDIUMAnalyzed

CVSS v3.1

6.5

EPSS

33.26%

Published

Jul 10, 2020

Modified

Oct 30, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-20CWE-22

Affected Products (18)

citrix · application_delivery_controller_firmware (up to 10.5-70.18)vulnerable

citrix · application_delivery_controller_firmware (up to 11.1-64.14)vulnerable

citrix · application_delivery_controller_firmware (up to 12.0-63.21)vulnerable

citrix · application_delivery_controller_firmware (up to 12.1-57.18)vulnerable

citrix · application_delivery_controller_firmware (up to 13.0-58.30)vulnerable

citrix · netscaler_gateway_firmware (up to 10.5-70.18)vulnerable

citrix · netscaler_gateway_firmware (up to 11.1-64.14)vulnerable