CVE-2024-8535

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 12, 2024
Updated: Nov 13, 2024
CWE ID 552

Summary

CVE-2024-8535 is a new vulnerability affecting NetScaler ADC and NetScaler Gateway. It lets an authenticated user gain unintended capabilities when the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos Single Sign-On (SSO) to access backend resources. Successful exploitation could potentially lead to elevated privileges, posing a significant risk to targeted networks. Organizations using these products are advised to apply the relevant patches or updates as soon as possible to mitigate this issue.

Affected Products

  • Citrix NetScaler Application Delivery Controller (ADC)
  • Citrix NetScaler Gateway

Affected Vendors

  • Citrix Systems