{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-8535","assignerOrgId":"e437aed5-38e0-4fa3-a98b-cb73e7acaec6","state":"PUBLISHED","assignerShortName":"Citrix","dateReserved":"2024-09-06T17:18:27.467Z","datePublished":"2024-11-12T18:28:51.398Z","dateUpdated":"2024-11-21T16:18:12.855Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"NetScaler ADC","vendor":"NetScaler","versions":[{"lessThan":"29.72","status":"affected","version":"14.1","versionType":"patch"},{"lessThan":"55.34","status":"affected","version":"13.1","versionType":"patch"},{"lessThan":"37.207","status":"affected","version":"13.1 FIPS","versionType":"patch"},{"lessThan":"55.321","status":"affected","version":"12.1-FIPS","versionType":"patch"},{"lessThan":"55.321","status":"affected","version":"12.1-NDcPP","versionType":"patch"}]},{"defaultStatus":"unaffected","product":"NetScaler Gateway","vendor":"NetScaler","versions":[{"lessThan":"29.72","status":"affected","version":"14.1","versionType":"patch"},{"lessThan":"55.34","status":"affected","version":"13.1","versionType":"patch"},{"lessThan":"37.207","status":"affected","version":"13.1-FIPS","versionType":"patch"},{"lessThan":"55.321","status":"affected","version":"12.1-FIPS","versionType":"patch"},{"lessThan":"55.321","status":"affected","version":"12.1-NDcPP","versionType":"patch"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">Authenticated user can access unintended user capabilities&nbsp;</span>in&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">NetScaler ADC and NetScaler Gateway if t</span><span style=\"background-color: var(--wht);\">he appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources&nbsp;</span><strong>OR</strong><span style=\"background-color: var(--wht);\">&nbsp;t</span><span 
style=\"background-color: var(--wht);\">he appliance is configured as an&nbsp;</span><span style=\"background-color: var(--wht);\">Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources</span><span style=\"background-color: var(--wht);\"><br></span><br>"}],"value":"Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance is configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources"}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":5.8,"baseSeverity":"MEDIUM","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"orgId":"e437aed5-38e0-4fa3-a98b-cb73e7acaec6","shortName":"Citrix","dateUpdated":"2024-11-12T18:31:02.674Z"},"references":[{"url":"https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US"}],"source":{"discovery":"UNKNOWN"},"title":"Authenticated user can access unintended user capabilities","x_generator":{"engine":"Vulnogram 
0.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-552","lang":"en","description":"CWE-552 Files or Directories Accessible to External Parties"}]}],"affected":[{"vendor":"netscaler","product":"adc","cpes":["cpe:2.3:a:netscaler:adc:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"14.1","status":"affected","lessThan":"29.72","versionType":"custom"},{"version":"13.1","status":"affected","lessThan":"55.34","versionType":"custom"},{"version":"13.1fips","status":"affected","lessThan":"37.207","versionType":"custom"},{"version":"12.1-fips","status":"affected","lessThan":"55.321","versionType":"custom"},{"version":"12.1-ndcpp","status":"affected","lessThan":"55.321","versionType":"custom"}]},{"vendor":"netscaler","product":"gateway","cpes":["cpe:2.3:a:netscaler:gateway:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"14.1","status":"affected","lessThan":"29.72","versionType":"custom"},{"version":"13.1","status":"affected","lessThan":"55.34","versionType":"custom"},{"version":"13.1fips","status":"affected","lessThan":"37.207","versionType":"custom"},{"version":"12.1-fips","status":"affected","lessThan":"55.321","versionType":"custom"},{"version":"12.1-ndcpp","status":"affected","lessThan":"55.321","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-13T20:05:08.852710Z","id":"CVE-2024-8535","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-21T16:18:12.855Z"}}]}}