CVE-2024-8535

EUVD-2024-49550
An authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources, or as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 8.1 HIGH | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score percentile: 62%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller | 12.1 ≤ 𝑥 < 12.1-55.321 |
| citrix | netscaler_application_delivery_controller | 12.1 ≤ 𝑥 < 12.1-55.321 |
| citrix | netscaler_application_delivery_controller | 12.1 ≤ 𝑥 < 13.1-55.34 |
| citrix | netscaler_application_delivery_controller | 13.1 ≤ 𝑥 < 13.1-37.207 |
| citrix | netscaler_application_delivery_controller | 14.1 ≤ 𝑥 < 14.1-29.72 |
| citrix | netscaler_gateway | 12.1 ≤ 𝑥 < 13.1-55.34 |
| citrix | netscaler_gateway | 14.1 ≤ 𝑥 < 14.1-29.72 |

𝑥 = Vulnerable software versions