An authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway. The appliance is affected only if it is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources, or as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type                  Values Removed    Values Added
Metrics                                 cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Wed, 13 Nov 2024 21:15:00 +0000

Type                  Values Removed    Values Added
First Time appeared                     Netscaler
                                        Netscaler adc
                                        Netscaler gateway
Weaknesses                              CWE-552
CPEs                                    cpe:2.3:a:netscaler:adc:*:*:*:*:*:*:*:*
                                        cpe:2.3:a:netscaler:gateway:*:*:*:*:*:*:*:*
Vendors & Products                      Netscaler
                                        Netscaler adc
                                        Netscaler gateway
Metrics                                 cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
                                        ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 12 Nov 2024 18:45:00 +0000

Type                  Values Removed    Values Added
Description                             An authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway. The appliance is affected only if it is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources, or as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources.
Title                                   Authenticated user can access unintended user capabilities
References
Metrics                                 cvssV4_0: {'score': 5.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED
Assigner: Citrix
Published: 2024-11-12T18:28:51.398Z
Updated: 2024-11-21T16:18:12.855Z
Reserved: 2024-09-06T17:18:27.467Z
Link: CVE-2024-8535

Vulnrichment

Updated: 2024-11-13T20:04:59.698Z

NVD

Status: Awaiting Analysis
Published: 2024-11-12T19:15:19.040
Modified: 2024-11-21T17:15:26.630
Link: CVE-2024-8535

Redhat

No data.