Description

Acunetix determined that it was possible to access Citrix ADC NetScaler's sensitive files without authentication.

Remediation

Upgrade to the latest version of Citrix NetScaler

References

Adventures in Citrix security research

Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update

Related Vulnerabilities

WordPress Plugin Image Optimizer by 10web-Image Optimizer and Compression Directory Traversal (1.0.25)

Internet Information Services Other Vulnerability (CVE-2003-0223)

Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-27903)

Nexus Repository Manager Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2019-5475)

Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7818)

Severity

Medium

Classification

CVE-2020-8193 CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Missing Update Known Vulnerabilities