{"containers": {"cna": {"affected": [{"product": "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0, Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1, Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1, Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS, Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4, Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3, Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3, Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2, Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1, Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2"}]}], "descriptions": [{"lang": "en", "value": "Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "Denial of Service (CWE-400)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-16T13:08:22", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.citrix.com/article/CTX297155"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8299", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition", "version": {"version_data": [{"version_value": "Fixed in Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0, Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1, Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1, Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS, Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4, Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3, Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3, Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2, Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1, Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service (CWE-400)"}]}]}, "references": {"reference_data": [{"name": "https://support.citrix.com/article/CTX297155", "refsource": "MISC", "url": "https://support.citrix.com/article/CTX297155"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:56:28.408Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.citrix.com/article/CTX297155"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8299", "datePublished": "2021-06-16T13:08:22", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:56:28.408Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "871316FC-14DC-41BE-971B-61FBE11D5ABF", "versionEndExcluding": "12.1-61.18", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "FAA24333-CF47-45C2-81E3-C990095920D6", "versionEndExcluding": "13.0-76.29", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "D77B2AD2-BAF1-4FD3-B7C5-88AC1B130971", "versionEndExcluding": "11.1-65.20", "versionStartIncluding": "11.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E178AA28-B24F-4565-A314-1E58AAC54648", "versionEndExcluding": "11.1-65.20", "versionStartIncluding": "11.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AEBA65F-2FEA-45B2-9118-8781258BC28D", "versionEndExcluding": "12.1-61.18", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F78FBC6-84A1-4D99-8D70-BA5AF4B1F2BD", "versionEndExcluding": "13.0-76.29", "versionStartIncluding": "13.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BEBCAD2-581F-4217-8425-46C03584E673", "versionEndExcluding": "12.1-55.238", "versionStartIncluding": "12.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:citrix:mpx\\/sdx_14030_fips:-:*:*:*:*:*:*:*", "matchCriteriaId": "BCB11BC1-0702-436F-BFE2-14B38B118D99", "vulnerable": false}, {"criteria": "cpe:2.3:h:citrix:mpx\\/sdx_14060_fips:-:*:*:*:*:*:*:*", "matchCriteriaId": "8569B182-D0A7-414B-B0A3-4DD2FAB44F69", "vulnerable": false}, {"criteria": "cpe:2.3:h:citrix:mpx\\/sdx_14080_fips:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABB9B3E9-EED4-4D74-BE4C-DFAFAB1F0994", "vulnerable": false}, {"criteria": "cpe:2.3:h:citrix:mpx_15030-50g_fips:-:*:*:*:*:*:*:*", "matchCriteriaId": "F60729DF-EDC8-4462-ABD2-6E4199F22701", "vulnerable": false}, {"criteria": "cpe:2.3:h:citrix:mpx_15040-50g_fips:-:*:*:*:*:*:*:*", "matchCriteriaId": "B789F02A-56CB-4871-9D9D-FAB0F31A72A1", "vulnerable": false}, {"criteria": "cpe:2.3:h:citrix:mpx_15060-50g_fips:-:*:*:*:*:*:*:*", "matchCriteriaId": "06699186-E7E4-463C-8844-77B2A750B985", "vulnerable": false}, {"criteria": "cpe:2.3:h:citrix:mpx_15080-50g_fips:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00DBEBF-29BE-4D6A-BF79-19208AAB0D7F", "vulnerable": false}, {"criteria": "cpe:2.3:h:citrix:mpx_15100-50g_fips:-:*:*:*:*:*:*:*", "matchCriteriaId": "848169A6-CAD7-4E14-BC5D-B2E94DC93CCB", "vulnerable": false}, {"criteria": "cpe:2.3:h:citrix:mpx_15120-50g_fips:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C69709C-885A-4F19-899D-A7B5CE7066EF", "vulnerable": false}, {"criteria": "cpe:2.3:h:citrix:mpx_8905_fips:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B2136C1-8AB6-4C70-87F4-1F8A93A876C9", "vulnerable": false}, {"criteria": "cpe:2.3:h:citrix:mpx_8910_fips:-:*:*:*:*:*:*:*", "matchCriteriaId": "492323D2-339D-404C-BB9B-E09ABB87FA2B", "vulnerable": false}, {"criteria": "cpe:2.3:h:citrix:mpx_8920_fips:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB83185D-DD6F-47CD-B500-499F9EF65093", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2E30C0C-32F2-4257-B946-600E3123A0D2", "versionEndExcluding": "10.2.9a", "versionStartIncluding": "10.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", "matchCriteriaId": "469E2490-71B8-48FB-A032-08922C75339A", "versionEndExcluding": "11.1.2c", "versionStartIncluding": "11.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", "matchCriteriaId": "56A52140-F4AE-4616-91E7-FF941EA26343", "versionEndExcluding": "11.2.3a", "versionStartIncluding": "11.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", "matchCriteriaId": "974341A5-6B06-4975-9406-CF41AB0E92F6", "versionEndExcluding": "11.3.2", "versionStartIncluding": "11.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance."}, {"lang": "es", "value": "Citrix ADC y Citrix/NetScaler Gateway versiones 13.0 anteriores a 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.238, y Citrix SD-WAN WANOP Edition versiones anteriores a 11.4.0, 11. 3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a, sufren un consumo no controlado de recursos mediante una denegaci\u00f3n de servicio basada en la red desde el mismo segmento de red de capa 2. Tome en cuenta que el atacante debe estar en el mismo segmento de red de capa 2 que el dispositivo vulnerable"}], "id": "CVE-2020-8299", "lastModified": "2024-11-21T05:38:41.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-16T14:15:08.107", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX297155"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX297155"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}