CVE-2024-8535

Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources
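
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 8.1 HIGH | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Citrix | CNA | --- | --- | | | |
| CISA-ADP | ADP | --- | --- | | | |
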
EPSS Score Percentile: 50%

| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller | 12.1 ≤ 𝑥 < 12.1-55.321 |
| citrix | netscaler_application_delivery_controller | 12.1 ≤ 𝑥 < 12.1-55.321 |
| citrix | netscaler_application_delivery_controller | 12.1 ≤ 𝑥 < 13.1-55.34 |
| citrix | netscaler_application_delivery_controller | 13.1 ≤ 𝑥 < 13.1-37.207 |
| citrix | netscaler_application_delivery_controller | 14.1 ≤ 𝑥 < 14.1-29.72 |
| citrix | netscaler_gateway | 12.1 ≤ 𝑥 < 13.1-55.34 |
| citrix | netscaler_gateway | 14.1 ≤ 𝑥 < 14.1-29.72 |

𝑥 = Vulnerable software versions