Citrix NetScaler ADC/Gateway Memory Corruption and Privilege Escalation Vulnerabilities (CVE-2024-8534/8535)

From this webpage screenshot, the following key information about the vulnerabilities can be obtained: 1. Vulnerability IDs: - CVE-2024-8534 - CVE-2024-8535 2. Affected Versions: - NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-29.72 - NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-55.34 - NetScaler ADC 13.1-FIPS BEFORE 13.1-37.207 - NetScaler ADC 12.1-FIPS BEFORE 12.1-55.321 - NetScaler ADC 12.1-NDcPP BEFORE 12.1-55.321 3. Severity: - High 4. Remediation: - Affected users are advised to upgrade to subsequent versions of the affected releases as soon as possible. - For specific configurations, the presence of vulnerable configurations can be determined by checking for specific strings in the file. 5. CVE-2024-8534: - Description: Memory safety vulnerability that may lead to memory corruption and denial of service. - CWE: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer - CVSS v4.0 Base Score: 8.4 6. CVE-2024-8535: - Description: Authenticated users can access capabilities intended for unauthorized users. - CWE: CWE-440: Expected Behavior Violation - CVSS v4.0 Base Score: 5.8 7. Recommended Actions: - For affected versions, users are advised to upgrade to later versions. - For specific configurations, check for specific strings in the file to determine if a vulnerable configuration exists. 8. Disclaimer: - Information is provided "as is" and "as available". - Information may not apply to all systems. - Information may not cover all potential vulnerabilities. 9. Update Log: - 2024-11-12: Initial release - 2024-11-14: Added acknowledgments This information helps users understand the details of the vulnerabilities, affected versions, severity levels, and how to address these issues.

Goal Reached Thanks to every supporter — we hit 100%!

Citrix NetScaler ADC/Gateway Memory Corruption and Privilege Escalation Vulnerabilities (CVE-2024-8534/8535)