CVE-2024-8534

Summary

Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled

Affected Software

VendorProductVersion RangeStatus
NetSclaerNetScaler ADC14.1 < 29.72affected
NetSclaerNetScaler ADC13.1 < 55.34affected
NetSclaerNetScaler ADC13.1-FIPS < 37.207affected
NetSclaerNetScaler ADC12.1-FIPS < 55.321affected
NetSclaerNetScaler ADC12.1-NDcPP < 55.321affected
NetScalerNetScaler Gateway14.1 < 29.72affected
NetScalerNetScaler Gateway13.1 < 55.34affected
NetScalerNetScaler Gateway13.1-FIPS < 37.207affected
NetScalerNetScaler Gateway12.1-FIPS < 55.321affected
NetScalerNetScaler Gateway12.1-NDcPP < 55.321affected

Weaknesses

  • CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References