CVE-2024-8535 Authenticated user can access unintended user capabilities

🗓️ 12 Nov 2024 18:28:51Reported by CitrixType

Authenticated user access unintended capabilities in NetScaler ADC and Gatewa

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerability of the Citrix NetScaler Application Delivery Controller (previously Citrix ADC) and the Citrix NetScaler Gateway (previously Citrix Gateway) access control systems, related to behavior anomaly detection, allows attackers to gain unauthorized access to limited functions.	3 Dec 202400:00	–	bdu_fstec
Circl	CVE-2024-8535	12 Nov 202416:21	–	circl
CISA	Citrix Releases Security Updates for NetScaler and Citrix Session Recording	12 Nov 202412:00	–	cisa
CNNVD	Citrix Systems NetScaler Gateway和NetScaler ADC 安全漏洞	12 Nov 202400:00	–	cnnvd
CVE	CVE-2024-8535	12 Nov 202418:28	–	cve
EUVD	EUVD-2024-49550	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Citrix NetScaler ADC and NetScaler Gateway	13 Nov 202415:10	–	ncsc
Tenable Nessus	NetScaler ADC and NetScaler Gateway Multiple Vulnerabilities (CTX691608)	15 Nov 202400:00	–	nessus
NVD	CVE-2024-8535	12 Nov 202419:15	–	nvd
Positive Technologies	PT-2024-8972 · Citrix · Citrix Netscaler Application Delivery Controller +1	12 Nov 202400:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "NetScaler ADC",
    "vendor": "NetScaler",
    "versions": [
      {
        "lessThan": "29.72",
        "status": "affected",
        "version": "14.1",
        "versionType": "patch"
      },
      {
        "lessThan": "55.34",
        "status": "affected",
        "version": "13.1",
        "versionType": "patch"
      },
      {
        "lessThan": "37.207",
        "status": "affected",
        "version": "13.1 FIPS",
        "versionType": "patch"
      },
      {
        "lessThan": "55.321",
        "status": "affected",
        "version": "12.1-FIPS",
        "versionType": "patch"
      },
      {
        "lessThan": "55.321",
        "status": "affected",
        "version": "12.1-NDcPP",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "NetScaler Gateway",
    "vendor": "NetScaler",
    "versions": [
      {
        "lessThan": "29.72",
        "status": "affected",
        "version": "14.1",
        "versionType": "patch"
      },
      {
        "lessThan": "55.34",
        "status": "affected",
        "version": "13.1",
        "versionType": "patch"
      },
      {
        "lessThan": "37.207",
        "status": "affected",
        "version": "13.1-FIPS",
        "versionType": "patch"
      },
      {
        "lessThan": "55.321",
        "status": "affected",
        "version": "12.1-FIPS",
        "versionType": "patch"
      },
      {
        "lessThan": "55.321",
        "status": "affected",
        "version": "12.1-NDcPP",
        "versionType": "patch"
      }
    ]
  }
]

Source	Link
support	www.support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535

12 Nov 2024 18:31Current

CVSS 45.8

EPSS0.00915