CVE-2024-5492 — Open Redirect in Netscaler ADC

CWE-601 — Open Redirect CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

1.9%

top 16.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netsclaer Netscaler ADC Citrix Netscaler Application Delivery Controller Citrix Netscaler Gateway +4 more

Timeline

PublishedJul 10

Description

Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages8 packages

▶NVDcitrix/netscaler_gateway12.1 — 13.0-92.31+2

▶citrixcitrix/netscaler_gateway

▶CVEListV5netsclaer/netscaler_adc14.1 — 25.53+5

▶NVDcitrix/netscaler_application_delivery_controller12.1 — 12.1-55.304+4

▶citrixcitrix/netscaler_adc

🔴Vulnerability Details

GHSA

GHSA-wj5r-m28j-95q9: Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway↗2024-07-10

▶

📋Vendor Advisories

Citrix

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-5491 and CVE-2024-5492↗2024-07-09

▶