CVE-2024-8535

HIGH

8.1

Beschreibung

Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources

CVE Details

CVSS v3.1 Bewertung8.1

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatHIGH

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht11/12/2024

Zuletzt geandert7/25/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

citrix:netscaler_application_delivery_controllercitrix:netscaler_gateway

Schwachen (CWE)

CWE-552

Referenzen

https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US(secure@citrix.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.