Cyber Resilience

CVE-2020-8195

MediumCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 10 July 2020

Published
10 July 2020
Modified
30 October 2025
KEV Added
03 November 2021
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.8034 99.1th percentile
Risk Priority 81 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-8195 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Citrix Application Delivery Controller Firmware. Its CVSS base score is 6.5 (Medium).

Operationally, ranked in the top 0.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2020-8195 is an improper input validation vulnerability, also referenced under CWE-20 and CWE-22, that affects Citrix ADC and Citrix Gateway versions prior to 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18, as well as Citrix SD-WAN WAN-OP versions prior to 11.1.1a, 11.0.3d, and 10.2.7. The flaw permits limited information disclosure and has a CVSS v3.1 base score of 6.5 reflecting network attack vector, low attack complexity, and low privileges required.

Low-privileged authenticated users can exploit the issue over the network to read arbitrary files on affected appliances, consistent with local file inclusion behavior reported in public exploit archives. This results in high confidentiality impact without requiring user interaction or affecting integrity or availability.

Citrix advisory CTX276688 addresses the vulnerability and provides updated software builds that resolve the input validation weakness. The flaw is also listed in the CISA Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation activity against the affected Citrix products.

EU & UK References

Vulnerability details

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

citrix
application delivery controller firmware
10.5 — 10.5-70.18 · 11.1 — 11.1-64.14 · 12.0 — 12.0-63.21
citrix
netscaler gateway firmware
10.5 — 10.5-70.18 · 11.1 — 11.1-64.14 · 12.0 — 12.0-63.21
citrix
gateway firmware
13.0 — 13.0-58.30
citrix
sd-wan wanop
10.2 — 10.2.7 · 11.0 — 11.0.3d · 11.1 — 11.1.1a
citrix
gateway plug-in for linux
≤ 1.0.0.137

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of input to block the path-traversal/file-inclusion payloads that enable arbitrary file reads.

prevent

Enforces access-control decisions so that low-privileged authenticated users cannot read files outside their authorized scope.

prevent

Mandates prompt installation of vendor patches that correct the input-validation flaw in the listed Citrix builds.

References