fkie_cve-2024-8534
Vulnerability from fkie_nvd
Published
2024-11-12 19:15
Modified
2025-07-25 18:42
Severity ?
Summary
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "F5EE3463-C7DB-493D-A14E-7A8891B903D9", "versionEndExcluding": "12.1-55.321", "versionStartIncluding": "12.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", "matchCriteriaId": "1EAF1004-344C-4A0A-A1B6-A8932D763724", "versionEndExcluding": "12.1-55.321", "versionStartIncluding": "12.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "0F832616-B768-4B98-AF21-3C32CB1F9A3B", "versionEndExcluding": "13.1-55.34", "versionStartIncluding": "12.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "23A038D6-AA3B-4833-AEE8-0DCE05DC21E9", "versionEndExcluding": "13.1-37.207", "versionStartIncluding": "13.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "29410A07-D4E1-4D0F-BC78-4A2323325370", "versionEndExcluding": "14.1-29.72", "versionStartIncluding": "14.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "B767B864-9D9B-4C28-A216-570E8835D466", "versionEndExcluding": "13.1-55.34", "versionStartIncluding": "12.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E814029-E1B3-48E7-847E-B5A522D06780", "versionEndExcluding": "14.1-29.72", "versionStartIncluding": "14.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Memory safety vulnerability leading to memory corruption and Denial of Service\u00a0in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled\u00a0OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver)\u00a0OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled" }, { "lang": "es", "value": "Vulnerabilidad de seguridad de la memoria que provoca corrupci\u00f3n de memoria y denegaci\u00f3n de servicio en NetScaler ADC y Gateway si el dispositivo debe configurarse como un Gateway (VPN Vserver) con la funci\u00f3n RDP habilitada O el dispositivo debe configurarse como un Gateway (VPN Vserver) y se crea un perfil de servidor proxy RDP y se configura como Gateway (VPN Vserver) O el dispositivo debe configurarse como un servidor de autenticaci\u00f3n (AAA Vserver) con la funci\u00f3n RDP habilitada" } ], "id": "CVE-2024-8534", "lastModified": "2025-07-25T18:42:21.863", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "secure@citrix.com", "type": "Secondary" } ] }, "published": "2024-11-12T19:15:18.907", "references": [ { "source": "secure@citrix.com", "tags": [ "Vendor Advisory" ], "url": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US" } ], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "secure@citrix.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…