14 vulnerabilities by NetScaler
CVE-2025-12101 (GCVE-0-2025-12101)
Vulnerability from cvelistv5 – Published: 2025-11-11 13:44 – Updated: 2025-11-12 20:03
Summary
Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:54:37.426494Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T20:03:26.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "56.73",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "60.32",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.250",
"status": "affected",
"version": "13.1-FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.333",
"status": "affected",
"version": "12.1-FIPS and NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "56.73",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "60.32",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.250",
"status": "affected",
"version": "13.1-FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.333",
"status": "affected",
"version": "12.1-FIPS and NDcPP",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-11-11T13:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCross-Site Scripting (XSS)\u0026nbsp;\u003c/span\u003ein\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC and NetScaler Gateway when\u0026nbsp;\u003c/span\u003ethe appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"
}
],
"value": "Cross-Site Scripting (XSS)\u00a0in\u00a0NetScaler ADC and NetScaler Gateway when\u00a0the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T13:44:56.765Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX695486"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-12101",
"datePublished": "2025-11-11T13:44:56.765Z",
"dateReserved": "2025-10-23T01:57:06.637Z",
"dateUpdated": "2025-11-12T20:03:26.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8424 (GCVE-0-2025-8424)
Vulnerability from cvelistv5 – Published: 2025-08-26 13:11 – Updated: 2025-08-27 14:08
Summary
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input (the CWE assigned in the CNA record; the summary above describes improper access control)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8424",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T03:55:15.625808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T14:08:11.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.48",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.22",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.241",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.330",
"status": "affected",
"version": "12.1 FIPS and NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.48",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.22",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.241",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.330",
"status": "affected",
"version": "12.1 FIPS and NDcPP",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-08-26T13:06:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper access control on the NetScaler Management Interface\u003c/span\u003e in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC\u202fand NetScaler Gateway when an attacker can get a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eccess to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Improper access control on the NetScaler Management Interface in NetScaler ADC\u202fand NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T13:11:10.822Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper access control on the NetScaler Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-8424",
"datePublished": "2025-08-26T13:11:10.822Z",
"dateReserved": "2025-07-31T15:12:42.021Z",
"dateUpdated": "2025-08-27T14:08:11.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7776 (GCVE-0-2025-7776)
Vulnerability from cvelistv5 – Published: 2025-08-26 13:03 – Updated: 2025-08-27 14:33
Summary
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bound to it
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T14:33:04.448715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T14:33:12.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.48",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.22",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.241",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.330",
"status": "affected",
"version": "12.1 FIPS and NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.48",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.22",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.241",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.330",
"status": "affected",
"version": "12.1 FIPS and NDcPP",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-08-26T12:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMemory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service\u003c/span\u003e\u0026nbsp;in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC and NetScaler Gateway when\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it \u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service\u00a0in\u00a0NetScaler ADC and NetScaler Gateway when\u00a0NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T13:03:42.316Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-7776",
"datePublished": "2025-08-26T13:03:42.316Z",
"dateReserved": "2025-07-17T20:39:15.456Z",
"dateUpdated": "2025-08-27T14:33:12.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7775 (GCVE-0-2025-7775)
Vulnerability from cvelistv5 – Published: 2025-08-26 12:56 – Updated: 2025-10-21 22:45
Summary
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
(OR)
NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers
(OR)
NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers
(OR)
CR virtual server with type HDX
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7775",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T03:55:14.429609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-08-26",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-7775"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:20.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-7775"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-26T00:00:00+00:00",
"value": "CVE-2025-7775 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.48",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.22",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.241",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.330",
"status": "affected",
"version": "12.1 FIPS and NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.48",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.22",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.241",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.330",
"status": "affected",
"version": "12.1 FIPS and NDcPP",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-08-26T12:52:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMemory overflow vulnerability leading to Remote Code Execution and/or Denial of Service\u003c/span\u003e in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC and NetScaler Gateway when\u0026nbsp;\u003cp\u003eNetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server\u003c/p\u003e\u003cp\u003e(OR)\u003c/p\u003e\u003cp\u003eNetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers \u003c/p\u003e\u003cp\u003e(OR)\u003c/p\u003e\u003cp\u003eNetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers\u003c/p\u003e\u003cp\u003e(OR)\u003c/p\u003e\u003cp\u003eCR virtual server with type HDX\u003c/p\u003e\u003c/span\u003e"
}
],
"value": "Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when\u00a0NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server\n\n(OR)\n\nNetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers \n\n(OR)\n\nNetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers\n\n(OR)\n\nCR virtual server with type HDX"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T12:56:53.794Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-7775",
"datePublished": "2025-08-26T12:56:53.794Z",
"dateReserved": "2025-07-17T20:39:14.032Z",
"dateUpdated": "2025-10-21T22:45:20.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6543 (GCVE-0-2025-6543)
Vulnerability from cvelistv5 – Published: 2025-06-25 12:49 – Updated: 2025-10-21 22:45
Summary
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6543",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T03:55:32.992762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-06-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6543"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:23.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6543"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-30T00:00:00+00:00",
"value": "CVE-2025-6543 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.46",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.19",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.236",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.46",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.19",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.236",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-06-25T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when\u0026nbsp;configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"
}
],
"value": "Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when\u00a0configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:49:57.896Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory overflow vulnerability leading to unintended control flow and Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-6543",
"datePublished": "2025-06-25T12:49:57.896Z",
"dateReserved": "2025-06-23T18:08:23.912Z",
"dateUpdated": "2025-10-21T22:45:23.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4365 (GCVE-0-2025-4365)
Vulnerability from cvelistv5 – Published: 2025-06-17 12:38 – Updated: 2025-06-17 13:49
Summary
Arbitrary file read in NetScaler Console and NetScaler SDX (SVM)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input (the CWE assigned in the CNA record; the summary above describes an arbitrary file read)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T13:44:12.219691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T13:49:08.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Console",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.46",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "58.32",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDX (SVM)",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.46",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "58.32",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-06-17T12:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eArbitrary file read in\u0026nbsp;NetScaler Console and NetScaler SDX (SVM)\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "Arbitrary file read in\u00a0NetScaler Console and NetScaler SDX (SVM)"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T12:47:26.718Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694729"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetScaler Console and NetScaler SDX (SVM) - Arbitrary file read",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-4365",
"datePublished": "2025-06-17T12:38:10.318Z",
"dateReserved": "2025-05-05T17:29:52.331Z",
"dateUpdated": "2025-06-17T13:49:08.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5349 (GCVE-0-2025-5349)
Vulnerability from cvelistv5 – Published: 2025-06-17 12:32 – Updated: 2025-06-26 03:55
Summary
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input (the CWE assigned in the CNA record; the summary above describes improper access control)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T03:55:22.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "43.56",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "58.32",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-06-17T12:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper access control on the NetScaler Management Interface\u003c/span\u003e\u003c/b\u003e in \u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eNetScaler\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e ADC\u202fand \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eNetScaler\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e Gateway \u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "Improper access control on the NetScaler Management Interface in NetScaler ADC\u202fand NetScaler Gateway"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T12:32:24.670Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetScaler ADC\u202fand NetScaler Gateway - Improper access control on the NetScaler Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-5349",
"datePublished": "2025-06-17T12:32:24.670Z",
"dateReserved": "2025-05-30T06:53:21.233Z",
"dateUpdated": "2025-06-26T03:55:22.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5777 (GCVE-0-2025-5777)
Vulnerability from cvelistv5 – Published: 2025-06-17 12:29 – Updated: 2025-10-21 22:45
Summary
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5777",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T03:55:31.757062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-07-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457 Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:24.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description",
"signature"
],
"url": "https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71"
},
{
"tags": [
"media-coverage"
],
"url": "https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-10T00:00:00+00:00",
"value": "CVE-2025-5777 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-08-13T18:49:26.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/"
},
{
"url": "https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/"
},
{
"url": "https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/"
},
{
"url": "https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/"
},
{
"url": "https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/"
},
{
"url": "https://citrixbleed.com"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "43.56",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "58.32",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "43.56",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "58.32",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-06-17T12:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficient input validation leading to memory overread when the\u003c/span\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server\u003c/span\u003e"
}
],
"value": "Insufficient input validation leading to memory overread when the\u00a0NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T00:57:12.458Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-5777",
"datePublished": "2025-06-17T12:29:34.506Z",
"dateReserved": "2025-06-06T06:14:02.358Z",
"dateUpdated": "2025-10-21T22:45:24.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12284 (GCVE-0-2024-12284)
Vulnerability from cvelistv5 – Published: 2025-02-19 23:30 – Updated: 2025-02-21 04:56
Summary
Authenticated privilege escalation in NetScaler Console and NetScaler Agent.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T04:56:13.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Console",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "38.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "56.18",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Agent",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "38.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "56.18",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-02-18T23:27:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated privilege escalation in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler Console and NetScaler Agen\u003c/span\u003et allows."
}
],
"value": "Authenticated privilege escalation in\u00a0NetScaler Console and NetScaler Agent allows."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T23:30:22.357Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-12284",
"datePublished": "2025-02-19T23:30:11.146Z",
"dateReserved": "2024-12-05T20:44:23.593Z",
"dateUpdated": "2025-02-21T04:56:13.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8535 (GCVE-0-2024-8535)
Vulnerability from cvelistv5 – Published: 2024-11-12 18:28 – Updated: 2024-11-21 16:18
Summary
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources, OR as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources.
Severity ?
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| NetScaler | NetScaler ADC | Affected: 14.1, < 29.72 (patch); Affected: 13.1, < 55.34 (patch); Affected: 13.1 FIPS, < 37.207 (patch); Affected: 12.1-FIPS, < 55.321 (patch); Affected: 12.1-NDcPP, < 55.321 (patch) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netscaler:adc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adc",
"vendor": "netscaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-ndcpp",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gateway",
"vendor": "netscaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-ndcpp",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T20:05:08.852710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:18:12.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetScaler ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1 FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NetScaler Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAuthenticated user can access unintended user capabilities\u0026nbsp;\u003c/span\u003ein\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC and NetScaler Gateway if t\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ehe appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources\u0026nbsp;\u003c/span\u003e\u003cstrong\u003eOR\u003c/strong\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;t\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ehe appliance must be configured as an\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAuth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Authenticated user can access unintended user capabilities\u00a0in\u00a0NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources\u00a0OR\u00a0the appliance must be configured as an\u00a0Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:31:02.674Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated user can access unintended user capabilities",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-8535",
"datePublished": "2024-11-12T18:28:51.398Z",
"dateReserved": "2024-09-06T17:18:27.467Z",
"dateUpdated": "2024-11-21T16:18:12.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8534 (GCVE-0-2024-8534)
Vulnerability from cvelistv5 – Published: 2024-11-12 18:15 – Updated: 2024-11-21 16:19
Summary
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway when the appliance is configured as a Gateway (VPN Vserver) with RDP Feature enabled, OR as a Gateway (VPN Vserver) where an RDP Proxy Server Profile is created and set to the Gateway (VPN Vserver), OR as an Auth Server (AAA Vserver) with RDP Feature enabled.
Severity ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| NetScaler | NetScaler ADC | Affected: 14.1, < 29.72 (patch); Affected: 13.1, < 55.34 (patch); Affected: 13.1-FIPS, < 37.207 (patch); Affected: 12.1-FIPS, < 55.321 (patch); Affected: 12.1-NDcPP, < 55.321 (patch) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netscaler:adc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "adc",
"vendor": "netscaler",
"versions": [
{
"lessThan": "14.1-29.72",
"status": "affected",
"version": "14.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gateway",
"vendor": "netscaler",
"versions": [
{
"lessThan": "14.1-29.72",
"status": "affected",
"version": "14.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:adc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adc",
"vendor": "netscaler",
"versions": [
{
"lessThan": "13.1-55.34",
"status": "affected",
"version": "13.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:netscaler-adc_13.1-fips:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netscaler-adc_13.1-fips",
"vendor": "netscaler",
"versions": [
{
"lessThan": "13.1-37.207",
"status": "affected",
"version": "13.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:netscaler-adc_12.1-fips:12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netscaler-adc_12.1-fips",
"vendor": "netscaler",
"versions": [
{
"lessThan": "12.1-55.321",
"status": "affected",
"version": "12.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:netscaler-adc_12.1-ndcpp:12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netscaler-adc_12.1-ndcpp",
"vendor": "netscaler",
"versions": [
{
"lessThan": "12.1-55.321",
"status": "affected",
"version": "12.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T14:38:35.887321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:19:44.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetScaler ADC",
"vendor": "NetSclaer",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NetScaler Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMemory safety vulnerability leading to memory corruption and Denial of Service\u0026nbsp;\u003c/span\u003ein NetScaler ADC and Gateway if t\u003cspan style=\"background-color: var(--wht);\"\u003ehe appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled\u0026nbsp;\u003c/span\u003e\u003cstrong\u003eOR t\u003c/strong\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ehe appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver)\u0026nbsp;\u003c/span\u003e\u003cstrong\u003eOR t\u003c/strong\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ehe appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled\u003c/span\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e\u003cbr\u003e"
}
],
"value": "Memory safety vulnerability leading to memory corruption and Denial of Service\u00a0in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled\u00a0OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver)\u00a0OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:15:44.673Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory safety vulnerability leading to memory corruption and Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-8534",
"datePublished": "2024-11-12T18:15:44.673Z",
"dateReserved": "2024-09-06T17:18:25.789Z",
"dateUpdated": "2024-11-21T16:19:44.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6236 (GCVE-0-2024-6236)
Vulnerability from cvelistv5 – Published: 2024-07-10 20:18 – Updated: 2025-08-27 20:42
Summary
Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX
Severity ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| NetScaler | NetScaler Console | Affected: 14.1, < 25.53 (patch); Affected: 13.1, < 52.25 (patch); Affected: 13.0, < 92.31 (patch) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netscaler:netscaler_console:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "netscaler_console",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:netscaler_console:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "netscaler_console",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:netscaler_console:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "netscaler_console",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:agent:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "agent",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:agent:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "agent",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:agent:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "agent",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:sdx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sdx",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:sdx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sdx",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:sdx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sdx",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6236",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T17:23:21.359193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:42:59.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX677998"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetScaler Console",
"vendor": "NetSclaer",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Agent",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDX",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-07-09T20:12:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eDenial of Service \u003c/span\u003e\u003c/b\u003e in\u0026nbsp;\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eNetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "Denial of Service in\u00a0NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:18:04.274Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX677998"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6236",
"datePublished": "2024-07-10T20:18:04.274Z",
"dateReserved": "2024-06-21T01:16:39.466Z",
"dateUpdated": "2025-08-27T20:42:59.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6235 (GCVE-0-2024-6235)
Vulnerability from cvelistv5 – Published: 2024-07-10 19:07 – Updated: 2025-04-23 03:56
Summary
Sensitive information disclosure in NetScaler Console
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| NetScaler | NetScaler Console | Affected: 14.1, < 25.53 (patch) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:netscaler_console:14.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "netscaler_console",
"vendor": "citrix",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6235",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T03:56:02.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX677998"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetScaler Console",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eSensitive information disclosure\u003c/span\u003e\u003c/b\u003e\u0026nbsp;in\u0026nbsp;NetScaler Console"
}
],
"value": "Sensitive information disclosure\u00a0in\u00a0NetScaler Console"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T19:07:58.885Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX677998"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sensitive information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6235",
"datePublished": "2024-07-10T19:07:58.885Z",
"dateReserved": "2024-06-21T01:16:38.319Z",
"dateUpdated": "2025-04-23T03:56:02.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5491 (GCVE-0-2024-5491)
Vulnerability from cvelistv5 – Published: 2024-07-10 18:56 – Updated: 2024-11-01 15:22
Summary
Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| NetScaler | NetScaler ADC | Affected: 14.1, < 25.53 (patch); Affected: 13.1, < 53.17 (patch); Affected: 13.0, < 92.31 (patch); Affected: 13.1-FIPS, < 37.183 (patch); Affected: 12.1-FIPS, < 55.304 (patch); Affected: 12.1-NDcPP, < 55.304 (patch) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T20:25:24.933103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T15:22:05.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetScaler ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "53.17",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "patch"
},
{
"lessThan": "37.183",
"status": "affected",
"version": "13.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.304",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.304",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NetScaler Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "53.17",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-07-09T18:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler"
}
],
"value": "Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T18:56:08.095Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-5491",
"datePublished": "2024-07-10T18:56:08.095Z",
"dateReserved": "2024-05-29T20:16:35.305Z",
"dateUpdated": "2024-11-01T15:22:05.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}