CVE-2024-8534
8.4
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:L
Summary
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NetSclaer | NetScaler ADC | 14.1 < 29.72 | affected |
| NetSclaer | NetScaler ADC | 13.1 < 55.34 | affected |
| NetSclaer | NetScaler ADC | 13.1-FIPS < 37.207 | affected |
| NetSclaer | NetScaler ADC | 12.1-FIPS < 55.321 | affected |
| NetSclaer | NetScaler ADC | 12.1-NDcPP < 55.321 | affected |
| NetScaler | NetScaler Gateway | 14.1 < 29.72 | affected |
| NetScaler | NetScaler Gateway | 13.1 < 55.34 | affected |
| NetScaler | NetScaler Gateway | 13.1-FIPS < 37.207 | affected |
| NetScaler | NetScaler Gateway | 12.1-FIPS < 55.321 | affected |
| NetScaler | NetScaler Gateway | 12.1-NDcPP < 55.321 | affected |
Weaknesses
- CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.