Unauthorized Access in NetScaler ADC and Gateway by Citrix
CVE-2024-8535

Currently unrated

Key Information:

Vendor
Citrix
Status
NetScaler ADC and NetScaler Gateway
Vendor
CVE Published:
12 November 2024

Badges

📰 News Worthy

Summary

Authenticated users may exploit a configuration flaw in Citrix NetScaler ADC and NetScaler Gateway, which allows unintended access to user capabilities. This vulnerability arises when the appliance is configured as a Gateway or Auth Server with specific Kerberos SSO settings, enabling unauthorized access to backend resources. Proper configuration and timely updates are crucial to mitigating potential attacks related to this access control issue.

News Articles

favicon imageNetScaler

High severity security updates available for NetScaler

Cloud Software Group has released builds to fix CVE-2024-8534 and CVE-2024-8535, which affect NetScaler ADC and NetScaler Gateway.

References

https://support.citrix.com/s/article/CTX691608-netscaler-...

Timeline

  • 📰

    First article discovered by NetScaler

  • Vulnerability published

.