CVE-2024-8535

{"id": "CVE-2024-8535", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}], "cvssMetricV40": [{"type": "Secondary", "source": "secure@citrix.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-11-12T19:15:19.040", "references": [{"url": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US", "tags": ["Vendor Advisory"], "source": "secure@citrix.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "Authenticated user can access unintended user capabilities\u00a0in\u00a0NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources\u00a0OR\u00a0the appliance must be configured as an\u00a0Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources"}, {"lang": "es", "value": "El usuario autenticado puede acceder a las capacidades de usuario no deseadas en NetScaler ADC y NetScaler Gateway si el dispositivo debe configurarse como un Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) con configuraci\u00f3n de KCDAccount para Kerberos SSO para acceder a los recursos del backend O el dispositivo debe configurarse como un servidor de autenticaci\u00f3n (AAA Vserver) con configuraci\u00f3n de KCDAccount para Kerberos SSO para acceder a los recursos del backend "}], "lastModified": "2025-07-25T18:59:58.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "vulnerable": true, "matchCriteriaId": "F5EE3463-C7DB-493D-A14E-7A8891B903D9", "versionEndExcluding": "12.1-55.321", "versionStartIncluding": "12.1"}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", "vulnerable": true, "matchCriteriaId": "1EAF1004-344C-4A0A-A1B6-A8932D763724", "versionEndExcluding": "12.1-55.321", "versionStartIncluding": "12.1"}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "0F832616-B768-4B98-AF21-3C32CB1F9A3B", "versionEndExcluding": "13.1-55.34", "versionStartIncluding": "12.1"}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "vulnerable": true, "matchCriteriaId": "23A038D6-AA3B-4833-AEE8-0DCE05DC21E9", "versionEndExcluding": "13.1-37.207", "versionStartIncluding": "13.1"}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "29410A07-D4E1-4D0F-BC78-4A2323325370", "versionEndExcluding": "14.1-29.72", "versionStartIncluding": "14.1"}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B767B864-9D9B-4C28-A216-570E8835D466", "versionEndExcluding": "13.1-55.34", "versionStartIncluding": "12.1"}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E814029-E1B3-48E7-847E-B5A522D06780", "versionEndExcluding": "14.1-29.72", "versionStartIncluding": "14.1"}], "operator": "OR"}]}], "sourceIdentifier": "secure@citrix.com"}