CVE-2024-8535

Summary

Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources

Affected Software

VendorProductVersion RangeStatus
NetScalerNetScaler ADC14.1 < 29.72affected
NetScalerNetScaler ADC13.1 < 55.34affected
NetScalerNetScaler ADC13.1 FIPS < 37.207affected
NetScalerNetScaler ADC12.1-FIPS < 55.321affected
NetScalerNetScaler ADC12.1-NDcPP < 55.321affected
NetScalerNetScaler Gateway14.1 < 29.72affected
NetScalerNetScaler Gateway13.1 < 55.34affected
NetScalerNetScaler Gateway13.1-FIPS < 37.207affected
NetScalerNetScaler Gateway12.1-FIPS < 55.321affected
NetScalerNetScaler Gateway12.1-NDcPP < 55.321affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References