{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8535", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2024-09-06T17:18:27.467Z", "datePublished": "2024-11-12T18:28:51.398Z", "dateUpdated": "2024-11-21T16:18:12.855Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NetScaler ADC", "vendor": "NetScaler", "versions": [{"lessThan": "29.72", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "55.34", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "37.207", "status": "affected", "version": "13.1 FIPS", "versionType": "patch"}, {"lessThan": "55.321", "status": "affected", "version": "12.1-FIPS", "versionType": "patch"}, {"lessThan": "55.321", "status": "affected", "version": "12.1-NDcPP", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "NetScaler Gateway", "vendor": "NetScaler", "versions": [{"lessThan": "29.72", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "55.34", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "37.207", "status": "affected", "version": "13.1-FIPS", "versionType": "patch"}, {"lessThan": "55.321", "status": "affected", "version": "12.1-FIPS", "versionType": "patch"}, {"lessThan": "55.321", "status": "affected", "version": "12.1-NDcPP", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Authenticated user can access unintended user capabilities&nbsp;</span>in&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">NetScaler ADC and NetScaler Gateway if t</span><span style=\"background-color: var(--wht);\">he appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources&nbsp;</span><strong>OR</strong><span style=\"background-color: var(--wht);\">&nbsp;t</span><span style=\"background-color: var(--wht);\">he appliance must be configured as an&nbsp;</span><span style=\"background-color: var(--wht);\">Auth Server (AAA Vserver)  with KCDAccount configuration for Kerberos SSO to access backend resources</span><span style=\"background-color: var(--wht);\"><br></span><br>"}], "value": "Authenticated user can access unintended user capabilities\u00a0in\u00a0NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources\u00a0OR\u00a0the appliance must be configured as an\u00a0Auth Server (AAA Vserver)  with KCDAccount configuration for Kerberos SSO to access backend resources"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 5.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-11-12T18:31:02.674Z"}, "references": [{"url": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US"}], "source": {"discovery": "UNKNOWN"}, "title": "Authenticated user can access unintended user capabilities", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-552", "lang": "en", "description": "CWE-552 Files or Directories Accessible to External Parties"}]}], "affected": [{"vendor": "netscaler", "product": "adc", "cpes": ["cpe:2.3:a:netscaler:adc:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "14.1", "status": "affected", "lessThan": "29.72", "versionType": "custom"}, {"version": "13.1", "status": "affected", "lessThan": "55.34", "versionType": "custom"}, {"version": "13.1fips", "status": "affected", "lessThan": "37.207", "versionType": "custom"}, {"version": "12.1-fips", "status": "affected", "lessThan": "55.321", "versionType": "custom"}, {"version": "12.1-ndcpp", "status": "affected", "lessThan": "55.321", "versionType": "custom"}]}, {"vendor": "netscaler", "product": "gateway", "cpes": ["cpe:2.3:a:netscaler:gateway:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "14.1", "status": "affected", "lessThan": "29.72", "versionType": "custom"}, {"version": "13.1", "status": "affected", "lessThan": "55.34", "versionType": "custom"}, {"version": "13.1fips", "status": "affected", "lessThan": "37.207", "versionType": "custom"}, {"version": "12.1-fips", "status": "affected", "lessThan": "55.321", "versionType": "custom"}, {"version": "12.1-ndcpp", "status": "affected", "lessThan": "55.321", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-13T20:05:08.852710Z", "id": "CVE-2024-8535", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-21T16:18:12.855Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8535", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-13T20:05:08.852710Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:netscaler:adc:*:*:*:*:*:*:*:*"], "vendor": "netscaler", "product": "adc", "versions": [{"status": "affected", "version": "14.1", "lessThan": "29.72", "versionType": "custom"}, {"status": "affected", "version": "13.1", "lessThan": "55.34", "versionType": "custom"}, {"status": "affected", "version": "13.1fips", "lessThan": "37.207", "versionType": "custom"}, {"status": "affected", "version": "12.1-fips", "lessThan": "55.321", "versionType": "custom"}, {"status": "affected", "version": "12.1-ndcpp", "lessThan": "55.321", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netscaler:gateway:*:*:*:*:*:*:*:*"], "vendor": "netscaler", "product": "gateway", "versions": [{"status": "affected", "version": "14.1", "lessThan": "29.72", "versionType": "custom"}, {"status": "affected", "version": "13.1", "lessThan": "55.34", "versionType": "custom"}, {"status": "affected", "version": "13.1fips", "lessThan": "37.207", "versionType": "custom"}, {"status": "affected", "version": "12.1-fips", "lessThan": "55.321", "versionType": "custom"}, {"status": "affected", "version": "12.1-ndcpp", "lessThan": "55.321", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T20:04:59.698Z"}}], "cna": {"title": "Authenticated user can access unintended user capabilities", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NetScaler", "product": "NetScaler ADC", "versions": [{"status": "affected", "version": "14.1", "lessThan": "29.72", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "55.34", "versionType": "patch"}, {"status": "affected", "version": "13.1 FIPS", "lessThan": "37.207", "versionType": "patch"}, {"status": "affected", "version": "12.1-FIPS", "lessThan": "55.321", "versionType": "patch"}, {"status": "affected", "version": "12.1-NDcPP", "lessThan": "55.321", "versionType": "patch"}], "defaultStatus": "unaffected"}, {"vendor": "NetScaler", "product": "NetScaler Gateway", "versions": [{"status": "affected", "version": "14.1", "lessThan": "29.72", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "55.34", "versionType": "patch"}, {"status": "affected", "version": "13.1-FIPS", "lessThan": "37.207", "versionType": "patch"}, {"status": "affected", "version": "12.1-FIPS", "lessThan": "55.321", "versionType": "patch"}, {"status": "affected", "version": "12.1-NDcPP", "lessThan": "55.321", "versionType": "patch"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Authenticated user can access unintended user capabilities\u00a0in\u00a0NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources\u00a0OR\u00a0the appliance must be configured as an\u00a0Auth Server (AAA Vserver)  with KCDAccount configuration for Kerberos SSO to access backend resources", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Authenticated user can access unintended user capabilities&nbsp;</span>in&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">NetScaler ADC and NetScaler Gateway if t</span><span style=\"background-color: var(--wht);\">he appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources&nbsp;</span><strong>OR</strong><span style=\"background-color: var(--wht);\">&nbsp;t</span><span style=\"background-color: var(--wht);\">he appliance must be configured as an&nbsp;</span><span style=\"background-color: var(--wht);\">Auth Server (AAA Vserver)  with KCDAccount configuration for Kerberos SSO to access backend resources</span><span style=\"background-color: var(--wht);\"><br></span><br>", "base64": false}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-11-12T18:31:02.674Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8535", "state": "PUBLISHED", "dateUpdated": "2024-11-21T16:18:12.855Z", "dateReserved": "2024-09-06T17:18:27.467Z", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "datePublished": "2024-11-12T18:28:51.398Z", "assignerShortName": "Citrix"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "F5EE3463-C7DB-493D-A14E-7A8891B903D9", "versionEndExcluding": "12.1-55.321", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", "matchCriteriaId": "1EAF1004-344C-4A0A-A1B6-A8932D763724", "versionEndExcluding": "12.1-55.321", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "0F832616-B768-4B98-AF21-3C32CB1F9A3B", "versionEndExcluding": "13.1-55.34", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "23A038D6-AA3B-4833-AEE8-0DCE05DC21E9", "versionEndExcluding": "13.1-37.207", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "29410A07-D4E1-4D0F-BC78-4A2323325370", "versionEndExcluding": "14.1-29.72", "versionStartIncluding": "14.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "B767B864-9D9B-4C28-A216-570E8835D466", "versionEndExcluding": "13.1-55.34", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E814029-E1B3-48E7-847E-B5A522D06780", "versionEndExcluding": "14.1-29.72", "versionStartIncluding": "14.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Authenticated user can access unintended user capabilities\u00a0in\u00a0NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources\u00a0OR\u00a0the appliance must be configured as an\u00a0Auth Server (AAA Vserver)  with KCDAccount configuration for Kerberos SSO to access backend resources"}, {"lang": "es", "value": "El usuario autenticado puede acceder a las capacidades de usuario no deseadas en NetScaler ADC y NetScaler Gateway si el dispositivo debe configurarse como un Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) con configuraci\u00f3n de KCDAccount para Kerberos SSO para acceder a los recursos del backend O el dispositivo debe configurarse como un servidor de autenticaci\u00f3n (AAA Vserver) con configuraci\u00f3n de KCDAccount para Kerberos SSO para acceder a los recursos del backend "}], "id": "CVE-2024-8535", "lastModified": "2025-07-25T18:59:58.327", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "secure@citrix.com", "type": "Secondary"}]}, "published": "2024-11-12T19:15:19.040", "references": [{"source": "secure@citrix.com", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}