CVE-2024-5492
published 2024-07-10
CVE-2024-5492: Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway
Priority P4 · 31 · medium · 6.1 · CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS
0.55%
41.9th percentile
Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adc | — | — |
| citrix | citrix_gateway | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_application_delivery_controller | >= 12.1 < 12.1-55.304 | 12.1-55.304 |
| citrix | netscaler_application_delivery_controller | >= 12.1 < 13.0-92.31 | 13.0-92.31 |
| citrix | netscaler_application_delivery_controller | >= 13.1 < 13.1-37.183 | 13.1-37.183 |
| citrix | netscaler_application_delivery_controller | >= 13.1 < 13.1-53.17 | 13.1-53.17 |
| citrix | netscaler_application_delivery_controller | >= 14.1 < 14.1-25.53 | 14.1-25.53 |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway | >= 12.1 < 13.0-92.31 | 13.0-92.31 |
| citrix | netscaler_gateway | >= 13.1 < 13.1-53.17 | 13.1-53.17 |
| citrix | netscaler_gateway | >= 14.1 < 14.1-25.53 | 14.1-25.53 |
| citrix | xenserver | — | — |
| netsclaer | netscaler_adc | >= 12.1-FIPS < 55.304 | 55.304 |
| netsclaer | netscaler_adc | >= 12.1-NDcPP < 55.304 | 55.304 |
| netsclaer | netscaler_adc | >= 13.0 < 92.13 | 92.13 |
| netsclaer | netscaler_adc | >= 13.1 < 53.17 | 53.17 |
| netsclaer | netscaler_adc | >= 13.1-FIPS < 37.183 | 37.183 |
| netsclaer | netscaler_adc | >= 14.1 < 25.53 | 25.53 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-wj5r-m28j-95q9: Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway
ghsa_unreviewed·2024-07-10
CVE-2024-5492 [MEDIUM] CWE-601 GHSA-wj5r-m28j-95q9: Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway
Citrix
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-5491 and CVE-2024-5492
vendor_citrix·2024-07-09·CVSS 7.2
CVE-2024-5491 [HIGH] CWE-119 NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-5491 and CVE-2024-5492
Description of Problem: Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer to below for further details:
CVE References: CVE-2024-5491, CVE-2024-5492
Affected Products: Citrix ADC, Citrix Gateway, NetScaler ADC, NetScaler Gateway, XenServer
Severity: High
CVSS Score: 7.1
Remediation:
Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.
- NetScaler ADC and NetScaler Gateway 14.1-25.53 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-53.17 and later releases of 13.1
- NetScaler ADC and NetScaler Gateway 13.0-92.31 and late
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492
https://support.citrix.com/external/article?articleUrl=CTX677944-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492
Published: 2024-07-10