Detections
Analytics
NetScaler ADC and NetScaler Gateway Multiple Vulnerabilities (CTX691608)
high Nessus Plugin ID 211474
Language:
Synopsis
The remote device may be affected by multiple vulnerabilities.Description
The remote NetScaler ADC (formerly Citrix ADC) or NetScaler Gateway (formerly Citrix Gateway) device is version 12.1, 13.0, 13.1 before 13.1-55.34 or 14.1 before 14.1-29.72. It is, therefore, affected by multiple vulnerabilities:- Memory safety vulnerability leading to memory corruption and Denial of Service (CVE-2024-8534)
- Authenticated user can access unintended user capabilities (CVE-2024-8535)
Please refer to advisory CTX691608 for more information.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to version 13.1-55.34, 14.1-29.72 or later.See Also
Plugin Details
Severity: High
ID: 211474
File Name: netscaler_adc_gateway_CTX691608.nasl
Version: 1.3
Type: combined
Family: CGI abuses
Published: 11/15/2024
Updated: 7/29/2025
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.6
Temporal Score: 5.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2024-8535
CVSS v3
Risk Factor: High
Base Score: 8.1
Temporal Score: 7.1
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS v4
Risk Factor: High
Base Score: 8.4
Threat Score: 5
Threat Vector: CVSS:4.0/E:U
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:L
CVSS Score Source: CVE-2024-8534
Vulnerability Information
CPE: cpe:/h:citrix:netscaler_gateway, cpe:/h:citrix:netscaler_application_delivery_controller
Required KB Items: Host/NetScaler/Detected
Exploit Ease: No known exploits are available
Patch Publication Date: 11/12/2024
Vulnerability Publication Date: 11/12/2024
Reference Information
CVE: CVE-2024-8534, CVE-2024-8535
IAVA: 2024-A-0724