TROYANOSYVIRUS
Back to CVEs

CVE-2024-8535

HIGH
8.1

Description

Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources

CVE Details

CVSS v3.1 Score8.1
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published11/12/2024
Last Modified7/25/2025
Sourcenvd
Honeypot Sightings0

Affected Products

citrix:netscaler_application_delivery_controllercitrix:netscaler_gateway

Weaknesses (CWE)

CWE-552

References

https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US(secure@citrix.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.