CVE-2024-8535
Published: 2024-11-12
Priority: P3 · 47 · High · 8.1 (CVSS 3.1)
CVSS vector: AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.42% (33.9th percentile)
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources
Affected (21 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adc | — | — |
| citrix | citrix_gateway | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_application_delivery_controller | >= 12.1 < 12.1-55.321 | 12.1-55.321 |
| citrix | netscaler_application_delivery_controller | >= 12.1 < 13.1-55.34 | 13.1-55.34 |
| citrix | netscaler_application_delivery_controller | >= 13.1 < 13.1-37.207 | 13.1-37.207 |
| citrix | netscaler_application_delivery_controller | >= 14.1 < 14.1-29.72 | 14.1-29.72 |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway | >= 12.1 < 13.1-55.34 | 13.1-55.34 |
| citrix | netscaler_gateway | >= 14.1 < 14.1-29.72 | 14.1-29.72 |
| citrix | xenserver | — | — |
| netscaler | netscaler_adc | >= 12.1-FIPS < 55.321 | 55.321 |
| netscaler | netscaler_adc | >= 12.1-NDcPP < 55.321 | 55.321 |
| netscaler | netscaler_adc | >= 13.1 < 55.34 | 55.34 |
| netscaler | netscaler_adc | >= 13.1 FIPS < 37.207 | 37.207 |
| netscaler | netscaler_adc | >= 14.1 < 29.72 | 29.72 |
| netscaler | netscaler_gateway | >= 12.1-FIPS < 55.321 | 55.321 |
| netscaler | netscaler_gateway | >= 12.1-NDcPP < 55.321 | 55.321 |
| netscaler | netscaler_gateway | >= 13.1 < 55.34 | 55.34 |
| netscaler | netscaler_gateway | >= 13.1-FIPS < 37.207 | 37.207 |
| netscaler | netscaler_gateway | >= 14.1 < 29.72 | 29.72 |
CVSS provenance
NVD, CVSS v3.1: 8.1 HIGH, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v4.0: 5.8 MEDIUM, CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Citrix
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-8534 and CVE-2024-8535
vendor_citrix · 2024-11-14 · CVSS 8.4
CVE-2024-8534 [HIGH] CWE-119
Description of Problem: Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer below for further details.
CVE References: CVE-2024-8534, CVE-2024-8535
Affected Products: Citrix ADC, Citrix Gateway, NetScaler ADC, NetScaler Gateway, XenServer
Severity: High
CVSS Score: 8.4
Remediation:
Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.
- NetScaler ADC and NetScaler Gateway 14.1-29.72 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-55.34 and later releases of 13.1
- NetScaler ADC 13.1-FIPS 13.1-37.207 and later releases of
GHSA
GHSA-8xqq-wrhg-93q9: Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SS
ghsa_unreviewed · 2024-11-12
CVE-2024-8535 [MEDIUM] CWE-552
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-11-12