CVE-2024-5491
Published 2024-07-10
CVE-2024-5491: Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
Priority: P433 | Severity: high | CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.76% (50.8th percentile)
Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adc | — | — |
| citrix | citrix_gateway | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_application_delivery_controller | >= 12.1 < 12.1-55.304 | 12.1-55.304 |
| citrix | netscaler_application_delivery_controller | >= 12.1 < 13.0-92.31 | 13.0-92.31 |
| citrix | netscaler_application_delivery_controller | >= 13.1 < 13.1-37.183 | 13.1-37.183 |
| citrix | netscaler_application_delivery_controller | >= 13.1 < 13.1-53.17 | 13.1-53.17 |
| citrix | netscaler_application_delivery_controller | >= 14.1 < 14.1-25.53 | 14.1-25.53 |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway | >= 12.1 < 13.0-92.31 | 13.0-92.31 |
| citrix | netscaler_gateway | >= 13.1 < 13.1-53.17 | 13.1-53.17 |
| citrix | netscaler_gateway | >= 14.1 < 14.1-25.53 | 14.1-25.53 |
| citrix | xenserver | — | — |
| netscaler | netscaler_adc | >= 12.1-FIPS < 55.304 | 55.304 |
| netscaler | netscaler_adc | >= 12.1-NDcPP < 55.304 | 55.304 |
| netscaler | netscaler_adc | >= 13.0 < 92.31 | 92.31 |
| netscaler | netscaler_adc | >= 13.1 < 53.17 | 53.17 |
| netscaler | netscaler_adc | >= 13.1-FIPS < 37.183 | 37.183 |
| netscaler | netscaler_adc | >= 14.1 < 25.53 | 25.53 |
| netscaler | netscaler_gateway | >= 13.0 < 92.31 | 92.31 |
| netscaler | netscaler_gateway | >= 13.1 < 53.17 | 53.17 |
| netscaler | netscaler_gateway | >= 14.1 < 25.53 | 25.53 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v4.0 | 7.2 | HIGH | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Citrix
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-5491 and CVE-2024-5492
vendor_citrix·2024-07-09·CVSS 7.2
CVE-2024-5491 [HIGH] CWE-119 NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-5491 and CVE-2024-5492
Description of Problem:
Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer to below for further details:
CVE References: CVE-2024-5491, CVE-2024-5492
Affected Products: Citrix ADC, Citrix Gateway, NetScaler ADC, NetScaler Gateway, XenServer
Severity: High
CVSS Score: 7.1
Remediation:
Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.
NetScaler ADC and NetScaler Gateway 14.1-25.53 and later releases
NetScaler ADC and NetScaler Gateway 13.1-53.17 and later releases of 13.1
NetScaler ADC and NetScaler Gateway 13.0-92.31 and late
GHSA
GHSA-p959-c7xj-w3cr: Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
ghsa_unreviewed·2024-07-10
CVE-2024-5491 [HIGH] GHSA-p959-c7xj-w3cr: Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492
https://support.citrix.com/external/article?articleUrl=CTX677944-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492
Published: 2024-07-10