Search criteria
4 vulnerabilities found for NetScaler ADC by NetScaler
CVE-2024-8535 (GCVE-0-2024-8535)
Vulnerability from nvd – Published: 2024-11-12 18:28 – Updated: 2024-11-21 16:18
VLAI?
Title
Authenticated user can access unintended user capabilities
Summary
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources
Severity ?
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| NetScaler | NetScaler ADC |
Affected:
14.1 , < 29.72
(patch)
Affected: 13.1 , < 55.34 (patch) Affected: 13.1 FIPS , < 37.207 (patch) Affected: 12.1-FIPS , < 55.321 (patch) Affected: 12.1-NDcPP , < 55.321 (patch) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netscaler:adc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adc",
"vendor": "netscaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-ndcpp",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gateway",
"vendor": "netscaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-ndcpp",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T20:05:08.852710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:18:12.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetScaler ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1 FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NetScaler Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAuthenticated user can access unintended user capabilities\u0026nbsp;\u003c/span\u003ein\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC and NetScaler Gateway if t\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ehe appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources\u0026nbsp;\u003c/span\u003e\u003cstrong\u003eOR\u003c/strong\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;t\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ehe appliance must be configured as an\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAuth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Authenticated user can access unintended user capabilities\u00a0in\u00a0NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources\u00a0OR\u00a0the appliance must be configured as an\u00a0Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:31:02.674Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated user can access unintended user capabilities",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-8535",
"datePublished": "2024-11-12T18:28:51.398Z",
"dateReserved": "2024-09-06T17:18:27.467Z",
"dateUpdated": "2024-11-21T16:18:12.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5491 (GCVE-0-2024-5491)
Vulnerability from nvd – Published: 2024-07-10 18:56 – Updated: 2024-11-01 15:22
VLAI?
Title
Denial of Service
Summary
Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| NetScaler | NetScaler ADC |
Affected:
14.1 , < 25.53
(patch)
Affected: 13.1 , < 53.17 (patch) Affected: 13.0 , < 92.31 (patch) Affected: 13.1-FIPS , < 37.183 (patch) Affected: 12.1-FIPS , < 55.304 (patch) Affected: 12.1-NDcPP , < 55.304 (patch) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T20:25:24.933103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T15:22:05.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetScaler ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "53.17",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "patch"
},
{
"lessThan": "37.183",
"status": "affected",
"version": "13.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.304",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.304",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NetScaler Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "53.17",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-07-09T18:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler"
}
],
"value": "Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T18:56:08.095Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-5491",
"datePublished": "2024-07-10T18:56:08.095Z",
"dateReserved": "2024-05-29T20:16:35.305Z",
"dateUpdated": "2024-11-01T15:22:05.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8535 (GCVE-0-2024-8535)
Vulnerability from cvelistv5 – Published: 2024-11-12 18:28 – Updated: 2024-11-21 16:18
VLAI?
Title
Authenticated user can access unintended user capabilities
Summary
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources
Severity ?
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| NetScaler | NetScaler ADC |
Affected:
14.1 , < 29.72
(patch)
Affected: 13.1 , < 55.34 (patch) Affected: 13.1 FIPS , < 37.207 (patch) Affected: 12.1-FIPS , < 55.321 (patch) Affected: 12.1-NDcPP , < 55.321 (patch) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netscaler:adc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adc",
"vendor": "netscaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-ndcpp",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gateway",
"vendor": "netscaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-ndcpp",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T20:05:08.852710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:18:12.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetScaler ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1 FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NetScaler Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAuthenticated user can access unintended user capabilities\u0026nbsp;\u003c/span\u003ein\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC and NetScaler Gateway if t\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ehe appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources\u0026nbsp;\u003c/span\u003e\u003cstrong\u003eOR\u003c/strong\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;t\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ehe appliance must be configured as an\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAuth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Authenticated user can access unintended user capabilities\u00a0in\u00a0NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources\u00a0OR\u00a0the appliance must be configured as an\u00a0Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:31:02.674Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated user can access unintended user capabilities",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-8535",
"datePublished": "2024-11-12T18:28:51.398Z",
"dateReserved": "2024-09-06T17:18:27.467Z",
"dateUpdated": "2024-11-21T16:18:12.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5491 (GCVE-0-2024-5491)
Vulnerability from cvelistv5 – Published: 2024-07-10 18:56 – Updated: 2024-11-01 15:22
VLAI?
Title
Denial of Service
Summary
Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| NetScaler | NetScaler ADC |
Affected:
14.1 , < 25.53
(patch)
Affected: 13.1 , < 53.17 (patch) Affected: 13.0 , < 92.31 (patch) Affected: 13.1-FIPS , < 37.183 (patch) Affected: 12.1-FIPS , < 55.304 (patch) Affected: 12.1-NDcPP , < 55.304 (patch) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T20:25:24.933103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T15:22:05.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetScaler ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "53.17",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "patch"
},
{
"lessThan": "37.183",
"status": "affected",
"version": "13.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.304",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.304",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NetScaler Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "53.17",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-07-09T18:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler"
}
],
"value": "Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T18:56:08.095Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-5491",
"datePublished": "2024-07-10T18:56:08.095Z",
"dateReserved": "2024-05-29T20:16:35.305Z",
"dateUpdated": "2024-11-01T15:22:05.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}