CVE-2020-8273

CVSS Base Score: 8.8 HIGH

📋 TL;DR

An authenticated user of Citrix SD-WAN Center can escalate privileges to root on the appliance and from there run arbitrary commands with full control of the system. Any deployment on an affected release is exposed as shipped; the fix is to upgrade to 11.2.2, 11.1.2b or 10.2.8, depending on the release train in use.

💻 Affected Systems

Products:
  • Citrix SD-WAN Center
Versions: before 11.2.2 (11.2 train), before 11.1.2b (11.1 train), before 10.2.8 (10.2 train)
Operating Systems: Appliance-specific OS
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires a valid SD-WAN Center user account; no non-default configuration is needed, so every affected release is vulnerable as shipped.

📦 What is this software?

Citrix SD-WAN Center is the centralized management and monitoring console for Citrix SD-WAN appliances. Because it holds configuration and credentials for the SD-WAN estate it manages, root on the Center is a strong pivot point into the rest of the network.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise where attackers gain root access, install persistent backdoors, steal sensitive data, and pivot to other network segments.

🟠

Likely Case

Attackers with initial access escalate to root, install cryptocurrency miners or ransomware, and maintain persistence for future attacks.

🟢

If Mitigated

Only the patch removes the escalation path. Until it is applied, restricting management access to a small set of trusted hosts, requiring MFA on login, and issuing SD-WAN Center accounts only to people who need them keeps the pool of users who could trigger the bug small and their activity auditable, but any of those users can still reach root.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: No
Complexity: LOW

Exploitation requires a valid account, but once credentials are obtained (phished, reused, or default) the escalation itself is low complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.2.2, 11.1.2b, or 10.2.8

Vendor Advisory: https://support.citrix.com/article/CTX285061

Restart Required: Yes

Instructions:

1. Back up the configuration and data.
2. Download the appropriate patch from Citrix support.
3. Apply the patch via the management interface.
4. Reboot the appliance.
5. Verify that the version has updated.

🔧 Temporary Workarounds

Restrict Management Access

Applies to: all affected versions

Limit access to the SD-WAN Center management interface to trusted IP addresses only.

Configure firewall rules to restrict access to the management IP and ports.

Strengthen Authentication

Applies to: all affected versions

Enforce strong passwords, multi-factor authentication, and account lockout policies.

Implement MFA via RADIUS/TACACS+ integration.

🧯 If You Can't Patch

  • Isolate SD-WAN Center appliances in separate network segments with strict access controls.
  • Implement continuous monitoring for unusual privilege escalation attempts and command execution.

🔍 How to Verify

Check if Vulnerable:

Check the current version via the web interface or CLI. The comparison is per release train: a build is vulnerable if it is on the 11.2 train and below 11.2.2, on the 11.1 train and below 11.1.2b, on the 10.2 train and below 10.2.8, or on any older train with no fixed build.

Check Version:

ssh admin@sdwan-center 'show version' or check via the web interface under System > About (the exact CLI command and menu path vary by release; confirm against the vendor documentation).

Verify Fix Applied:

Confirm via the management interface that the version is 11.2.2, 11.1.2b, 10.2.8, or a later build on the same train. Note that "later" is per train: 11.1.2 is numerically above 10.2.8 but is still vulnerable, since the 11.1 fix is 11.1.2b.
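The per-train comparison above is easy to get wrong by hand across a fleet, so here is an added example (not Citrix tooling) that encodes the three fixed builds from CTX285061 and classifies build strings accordingly. The handling of a trailing letter in the build string (the "b" in 11.1.2b) is an assumption about the vendor's version format, and the inventory in the demo is constructed.

```python
"""Version gate for CVE-2020-8273 on Citrix SD-WAN Center.

Added example, not Citrix tooling. It encodes the fixed builds named in
CTX285061 (10.2.8, 11.1.2b, 11.2.2) and answers "is this build still
exposed?" per release train, so that 11.1.2 is reported as vulnerable even
though it is numerically above 10.2.8. Parsing a trailing letter in the
build string (the "b" in 11.1.2b) is an assumption about the version format.
"""
import re

# Earliest fixed build on each release train listed in the advisory.
FIXED_BY_TRAIN = {
    (10, 2): "10.2.8",
    (11, 1): "11.1.2b",
    (11, 2): "11.2.2",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)$")


def parse_version(text):
    """Turn '11.1.2b' into the comparable tuple (11, 1, 2, 'b').

    An empty suffix sorts before any letter, so 11.1.2 < 11.1.2b.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch), suffix)


def is_vulnerable(version_text):
    """Return (vulnerable, reason) for an SD-WAN Center build string."""
    version = parse_version(version_text)
    train = version[:2]
    if train in FIXED_BY_TRAIN:
        fixed_text = FIXED_BY_TRAIN[train]
        if version >= parse_version(fixed_text):
            return False, f"{version_text} is at or above fixed build {fixed_text}"
        return True, f"{version_text} predates fixed build {fixed_text} on its train"
    if train > max(FIXED_BY_TRAIN):
        # A train newer than any in the advisory was released after the fix.
        return False, f"{version_text} is on a train newer than those in the advisory"
    # Older or intermediate train (e.g. 11.0.x, 10.1.x) with no fixed build:
    # the advisory covers every release before the three fixed builds.
    return True, f"{version_text} has no fixed build on its train; move to a fixed train"


def triage(version_strings):
    """Classify a batch of build strings, e.g. collected from many appliances."""
    return {v: is_vulnerable(v) for v in version_strings}


if __name__ == "__main__":
    # Constructed sample inventory, not real appliance data.
    sample = ["10.2.7", "10.2.8", "11.0.3", "11.1.2", "11.1.2b", "11.2.1", "11.2.2"]
    for build, (vuln, why) in triage(sample).items():
        print(f"{build:8} {'VULNERABLE' if vuln else 'fixed     '}  {why}")
```

Feed `triage()` the version strings you collect from each appliance; the reason text is deliberately explicit about which train and fixed build the verdict rests on, so the output can be pasted into a ticket without re-deriving it.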

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Root user creation/modification
  • Unusual command execution patterns

Network Indicators:

  • Unusual outbound connections from SD-WAN Center
  • Traffic to known malicious IPs

SIEM Query:

source="sdwan-center" AND (event="privilege_escalation" OR (user="root" AND action="login"))

The field names are placeholders; map them to the fields your log source actually emits. The inner parentheses matter: without them AND binds tighter than OR, which happens to give the same result here but makes the intent easy to misread when the query is extended.
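The indicators above (escalation to root, creation or modification of a UID-0 account, unusual command execution) can be checked before the events ever reach a SIEM. The following is an added example, not a Citrix or SIEM vendor rule: it assumes the appliance forwards standard Linux sudo/su/useradd/usermod records in syslog format, the sample lines are constructed for the example, and the set of accounts expected to use root is an assumption you would replace with your own.

```python
"""Privilege-escalation detector over syslog-style lines from an SD-WAN Center.

Added example, not a Citrix or SIEM vendor rule. It assumes the appliance
emits standard Linux sudo/su/useradd/usermod records to syslog; the sample
lines below are constructed for the example, and the set of accounts that
are expected to reach root is an assumption you would replace with your own.
"""
import re

# Accounts whose use of root is routine on this appliance (assumption).
EXPECTED_ROOT_OPERATORS = {"admin"}
# Commands that hand out an interactive root shell rather than a single action.
INTERACTIVE_SHELLS = {"/bin/bash", "/bin/sh", "/bin/dash", "/bin/zsh", "/usr/bin/bash"}

SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+)\s+:.*?USER=(?P<target>\S+)\s*;\s*COMMAND=(?P<cmd>.+)$")
SU_RE = re.compile(r"\bsu(?:\[\d+\])?:\s+\(to (?P<target>\S+)\)\s+(?P<user>\S+)\s+on\b")
USERADD_RE = re.compile(r"useradd\[\d+\]: new user: name=(?P<name>[^,]+), UID=(?P<uid>\d+)")
USERMOD_RE = re.compile(
    r"usermod\[\d+\]: change user '(?P<name>[^']+)' UID from '\d+' to '(?P<uid>\d+)'")


def analyse_line(line):
    """Return (rule, actor) if the line is a root-escalation indicator, else None."""
    m = SUDO_RE.search(line)
    if m:
        if m["target"] != "root":
            return None
        if m["cmd"].strip().split()[0] in INTERACTIVE_SHELLS:
            return ("sudo_root_shell", m["user"])          # anyone: root shell is notable
        if m["user"] not in EXPECTED_ROOT_OPERATORS:
            return ("sudo_root_unexpected_user", m["user"])
        return None
    m = SU_RE.search(line)
    if m:
        if m["target"] == "root" and m["user"] not in EXPECTED_ROOT_OPERATORS:
            return ("su_root_unexpected_user", m["user"])
        return None
    m = USERADD_RE.search(line)
    if m and m["uid"] == "0":
        return ("uid0_account_created", m["name"])        # a second root account
    m = USERMOD_RE.search(line)
    if m and m["uid"] == "0":
        return ("uid0_account_modified", m["name"])       # existing account promoted to root
    return None


def analyse(lines):
    """Run every line through the rules; returns a list of (rule, actor, line)."""
    alerts = []
    for line in lines:
        hit = analyse_line(line)
        if hit:
            alerts.append((hit[0], hit[1], line))
    return alerts


# Constructed sample log, not captured from a real appliance.
SAMPLE_LOG = [
    "Nov 10 12:01:05 sdwan-center sshd[2101]: Accepted password for operator from 10.0.5.20 port 51022 ssh2",
    "Nov 10 12:01:40 sdwan-center sudo: operator : TTY=pts/0 ; PWD=/home/operator ; USER=root ; COMMAND=/bin/bash",
    "Nov 10 12:02:10 sdwan-center useradd[2188]: new user: name=svc_backup, UID=0, GID=0, home=/root, shell=/bin/bash",
    "Nov 10 12:03:00 sdwan-center su: (to root) operator on pts/3",
    "Nov 10 12:05:00 sdwan-center sudo: admin : TTY=pts/2 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/apt-get update",
    "Nov 10 12:06:30 sdwan-center usermod[2301]: change user 'svc_mon' UID from '1001' to '0'",
    "Nov 10 12:07:00 sdwan-center su: (to root) admin on pts/1",
]

if __name__ == "__main__":
    for rule, actor, line in analyse(SAMPLE_LOG):
        print(f"[{rule}] actor={actor}\n    {line}")
```

The routine `admin` activity (a single apt-get via sudo, an su by an expected operator) produces no alert, while the `operator` account obtaining a root shell, a new UID-0 user, and an existing account being re-assigned UID 0 each surface as a distinct rule name that maps cleanly onto the log indicators listed above.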

🔗 References

  • Citrix Security Advisory CTX285061: https://support.citrix.com/article/CTX285061