CVE-2024-8535
published 2024-11-12

CVE-2024-8535: Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN…

Priority: P347, high. CVSS 3.1 base score: 8.1
CVSS 3.1 metrics: Attack Vector: Network, Attack Complexity: High, Privileges Required: None, User Interaction: None, Scope: Unchanged, Confidentiality: High, Integrity: High, Availability: High
EPSS: 0.42% (33.9th percentile)
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources

Affected

21 ranges

Vendor    | Product                                   | Version range            | Fixed in
citrix    | citrix_adc                                |                          |
citrix    | citrix_gateway                            |                          |
citrix    | netscaler_adc                             |                          |
citrix    | netscaler_application_delivery_controller | >= 12.1 < 12.1-55.321    | 12.1-55.321
citrix    | netscaler_application_delivery_controller | >= 12.1 < 13.1-55.34     | 13.1-55.34
citrix    | netscaler_application_delivery_controller | >= 13.1 < 13.1-37.207    | 13.1-37.207
citrix    | netscaler_application_delivery_controller | >= 14.1 < 14.1-29.72     | 14.1-29.72
citrix    | netscaler_gateway                         |                          |
citrix    | netscaler_gateway                         | >= 12.1 < 13.1-55.34     | 13.1-55.34
citrix    | netscaler_gateway                         | >= 14.1 < 14.1-29.72     | 14.1-29.72
citrix    | xenserver                                 |                          |
netscaler | netscaler_adc                             | >= 12.1-FIPS < 55.321    | 55.321
netscaler | netscaler_adc                             | >= 12.1-NDcPP < 55.321   | 55.321
netscaler | netscaler_adc                             | >= 13.1 < 55.34          | 55.34
netscaler | netscaler_adc                             | >= 13.1 FIPS < 37.207    | 37.207
netscaler | netscaler_adc                             | >= 14.1 < 29.72          | 29.72
netscaler | netscaler_gateway                         | >= 12.1-FIPS < 55.321    | 55.321
netscaler | netscaler_gateway                         | >= 12.1-NDcPP < 55.321   | 55.321
netscaler | netscaler_gateway                         | >= 13.1 < 55.34          | 55.34
netscaler | netscaler_gateway                         | >= 13.1-FIPS < 37.207    | 37.207
netscaler | netscaler_gateway                         | >= 14.1 < 29.72          | 29.72

CVSS provenance

Source | Version | Score | Severity | Vector
nvd    | v3.1    | 8.1   | HIGH     | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd    | v4.0    | 5.8   | MEDIUM   | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X