thrunt.me Applied Cybernetics Group

November 3, 2021 · Applied Cybernetics Group

CVE-2020-8193 — Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability

Added to KEV
2021-11-03
Federal due date
2022-05-03
Vendor
Citrix
Product
Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
EPSS
100.0th percentile (score 0.944, as of 2026-06-08)
NVD CVSS v3.1
Ransomware use
Unknown
Upstream
https://nvd.nist.gov/vuln/detail/CVE-2020-8193

CISA short description

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.