CVE-2020-10112
CVE-2020-10112 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. EPSS estimates a 1.43% chance of exploitation in the next 30 days.
Description
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway is NOT cached by default.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Gateway Firmware | 11.1 |
| Citrix | Gateway Firmware | 12.0 |
| Citrix | Gateway Firmware | 12.1 |
References
- http://seclists.org/fulldisclosure/2020/Mar/8 (Exploit, Mailing List, Third Party Advisory)
- https://support.citrix.com/search (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
