Vulnerability Monitor

CVE-2024-8535


An authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources, or if the appliance is configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources.


Published

2024-11-12T19:15:19.040

Last Modified

2025-07-25T18:59:58.327

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-552

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|------|--------|---------|---------------|-------------|
| Application | citrix | netscaler_application_delivery_controller | < 12.1-55.321 | Yes |
| Application | citrix | netscaler_application_delivery_controller | < 12.1-55.321 | Yes |
| Application | citrix | netscaler_application_delivery_controller | < 13.1-55.34 | Yes |
| Application | citrix | netscaler_application_delivery_controller | < 13.1-37.207 | Yes |
| Application | citrix | netscaler_application_delivery_controller | < 14.1-29.72 | Yes |
| Application | citrix | netscaler_gateway | < 13.1-55.34 | Yes |
| Application | citrix | netscaler_gateway | < 14.1-29.72 | Yes |

References