Vulnerability Description
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Gateway | >= 12.1, < 12.1-62.23 |
| Citrix | Netscaler Gateway | >= 11.1, < 11.1-65.20 |
| Citrix | Application Delivery Controller Firmware | >= 11.1, < 11.1-65.20 |
| Citrix | Application Delivery Controller | - |
| Citrix | Mpx/Sdx 14030 Fips | - |
| Citrix | Mpx/Sdx 14060 Fips | - |
| Citrix | Mpx/Sdx 14080 Fips | - |
| Citrix | Mpx 15030-50G Fips | - |
| Citrix | Mpx 15040-50G Fips | - |
| Citrix | Mpx 15060-50G Fips | - |
| Citrix | Mpx 15080-50G Fips | - |
| Citrix | Mpx 15100-50G Fips | - |
| Citrix | Mpx 15120-50G Fips | - |
| Citrix | Mpx 8905 Fips | - |
| Citrix | Mpx 8910 Fips | - |
| Citrix | Mpx 8920 Fips | - |
Related Weaknesses (CWE)
References
- https://support.citrix.com/article/CTX297155 (Vendor Advisory)
FAQ
What is CVE-2020-8300?
CVE-2020-8300 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack th...
How severe is CVE-2020-8300?
CVE-2020-8300 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-8300?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Gateway, Citrix Netscaler Gateway, Citrix Application Delivery Controller Firmware, Citrix Application Delivery Controller, Citrix Mpx/Sdx 14030 Fips.