Detections
Analytics
NetScaler ADC and NetScaler Gateway Multiple Vulnerabilities (CTX677944)
high Nessus Plugin ID 202083
Language:
Synopsis
The remote device may be affected by multiple vulnerabilities.Description
The remote NetScaler ADC (formerly Citrix ADC) or NetScaler Gateway (formerly Citrix Gateway) device is version 12.1, 13.0 before 13.0-92.31, 13.1 before 13.1-53.17, or 14.1 before 14.1-25.53. It is, therefore, affected by multiple vulnerabilities:- Denial of Service (CVE-2024-5491)
- Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites (CVE-2024-5492)
Please refer to advisory CTX677944 for more information.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to version 13.0-92.31, 13.1-53.17, 14.1-25.53, or later.See Also
Plugin Details
Severity: High
ID: 202083
File Name: netscaler_adc_gateway_CTX677944.nasl
Version: 1.3
Type: combined
Family: CGI abuses
Published: 7/10/2024
Updated: 7/29/2025
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 4.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS Score Source: CVE-2024-5492
CVSS v3
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS v4
Risk Factor: High
Base Score: 7.2
Threat Score: 5.2
Threat Vector: CVSS:4.0/E:U
Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
CVSS Score Source: CVE-2024-5491
Vulnerability Information
CPE: cpe:/h:citrix:netscaler_application_delivery_controller, cpe:/h:citrix:netscaler_gateway
Required KB Items: Host/NetScaler/Detected
Exploit Ease: No known exploits are available
Patch Publication Date: 7/9/2024
Vulnerability Publication Date: 7/9/2024
Reference Information
CVE: CVE-2024-5491, CVE-2024-5492