CVE-2020-8299 — MEDIUM (6.5)

Q: How severe is CVE-2020-8299?

CVE-2020-8299 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-8299?

Check the references section above for vendor advisories and patch information. Affected products include: Citrix Gateway, Citrix Netscaler Gateway, Citrix Application Delivery Controller Firmware, Citrix Application Delivery Controller, Citrix Mpx\/Sdx 14030 Fips.

Vulnerability Description

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Citrix	Gateway	>= 12.1, < 12.1-61.18
Citrix	Netscaler Gateway	>= 11.1, < 11.1-65.20
Citrix	Application Delivery Controller Firmware	>= 11.1, < 11.1-65.20
Citrix	Application Delivery Controller	-
Citrix	Mpx\/Sdx 14030 Fips	-
Citrix	Mpx\/Sdx 14060 Fips	-
Citrix	Mpx\/Sdx 14080 Fips	-
Citrix	Mpx 15030-50G Fips	-
Citrix	Mpx 15040-50G Fips	-
Citrix	Mpx 15060-50G Fips	-
Citrix	Mpx 15080-50G Fips	-
Citrix	Mpx 15100-50G Fips	-
Citrix	Mpx 15120-50G Fips	-
Citrix	Mpx 8905 Fips	-
Citrix	Mpx 8910 Fips	-
Citrix	Mpx 8920 Fips	-
Citrix	Sd-Wan Wanop	>= 10.2, < 10.2.9a

Related Weaknesses (CWE)

CWE-400

References

https://support.citrix.com/article/CTX297155Vendor Advisory
https://support.citrix.com/article/CTX297155Vendor Advisory

FAQ

What is CVE-2020-8299?

CVE-2020-8299 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a...

How severe is CVE-2020-8299?

CVE-2020-8299 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8299?

Check the references section above for vendor advisories and patch information. Affected products include: Citrix Gateway, Citrix Netscaler Gateway, Citrix Application Delivery Controller Firmware, Citrix Application Delivery Controller, Citrix Mpx\/Sdx 14030 Fips.