Vulnerability-Lookup

NCSC-2024-0288

Vulnerability from csaf_ncscnl - Published: 2024-07-10 13:54 - Updated: 2024-07-11 15:05

Summary

Kwetsbaarheden verholpen in Citrix Workspace, NetScaler ADC en NetScaler Gateway

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Cirtix heeft een aantal kwetsbaarheden verholpen in Workspace, NetScaler ADC en NetScaler Gateway

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: * Denial-of-Service (DoS) * Manipulatie van gegevens * Verhoogde gebruikersrechten

Oplossingen: Citrix heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Voor meer informatie, zie bijgevoegde referenties.

Kans: medium

Schade: high

CWE-404: Improper Resource Shutdown or Release

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2024-5492

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

CVE-2024-5491

CWE-404 - Improper Resource Shutdown or Release

CVE-2024-6286

CVE-2024-6236

CWE-404 - Improper Resource Shutdown or Release

CVE-2024-6151

CVE-2024-6150

CVE-2024-6148

References

URL

Category

	https://api.first.org/data/v1/epss?cve=CVE-2024-5491	external
	https://api.first.org/data/v1/epss?cve=CVE-2024-5492	external
	https://api.first.org/data/v1/epss?cve=CVE-2024-6148	external
	https://api.first.org/data/v1/epss?cve=CVE-2024-6150	external
	https://api.first.org/data/v1/epss?cve=CVE-2024-6151	external
	https://api.first.org/data/v1/epss?cve=CVE-2024-6236	external
	https://api.first.org/data/v1/epss?cve=CVE-2024-6286	external
	https://nvd.nist.gov/vuln/detail/CVE-2024-5491	external
	https://nvd.nist.gov/vuln/detail/CVE-2024-5492	external
	https://nvd.nist.gov/vuln/detail/CVE-2024-6148	external
	https://nvd.nist.gov/vuln/detail/CVE-2024-6150	external
	https://nvd.nist.gov/vuln/detail/CVE-2024-6151	external
	https://nvd.nist.gov/vuln/detail/CVE-2024-6236	external
	https://nvd.nist.gov/vuln/detail/CVE-2024-6286	external
	https://wid.cert-bund.de/.well-known/csaf/white/2…	external
	https://wid.cert-bund.de/.well-known/csaf/white/2…	external
	https://wid.cert-bund.de/.well-known/csaf/white/2…	external
	https://wid.cert-bund.de/.well-known/csaf/white/2…	external
	https://wid.cert-bund.de/.well-known/csaf/white/2…	external
	https://www.cve.org/CVERecord?id=CVE-2024-5491	external
	https://www.cve.org/CVERecord?id=CVE-2024-5492	external
	https://www.cve.org/CVERecord?id=CVE-2024-6148	external
	https://www.cve.org/CVERecord?id=CVE-2024-6150	external
	https://www.cve.org/CVERecord?id=CVE-2024-6151	external
	https://www.cve.org/CVERecord?id=CVE-2024-6236	external
	https://www.cve.org/CVERecord?id=CVE-2024-6286	external
	https://support.citrix.com/article/CTX677944/nets…	external
	https://support.citrix.com/article/CTX677998/nets…	external
	https://support.citrix.com/article/CTX678035/wind…	external
	https://support.citrix.com/article/CTX678036/citr…	external
	https://support.citrix.com/article/CTX678037/citr…	external
	https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
	https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
	https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
	https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
	https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
	https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
	https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Cirtix heeft een aantal kwetsbaarheden verholpen in Workspace, NetScaler ADC en NetScaler Gateway",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n   * Denial-of-Service (DoS)\n   * Manipulatie van gegevens\n   * Verhoogde gebruikersrechten",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Citrix heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Voor meer informatie, zie bijgevoegde referenties.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
        "title": "CWE-601"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Source - first",
        "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5491"
      },
      {
        "category": "external",
        "summary": "Source - first",
        "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5492"
      },
      {
        "category": "external",
        "summary": "Source - first",
        "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6148"
      },
      {
        "category": "external",
        "summary": "Source - first",
        "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6150"
      },
      {
        "category": "external",
        "summary": "Source - first",
        "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6151"
      },
      {
        "category": "external",
        "summary": "Source - first",
        "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6236"
      },
      {
        "category": "external",
        "summary": "Source - first",
        "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6286"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5491"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5492"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6148"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6150"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6151"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6236"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6286"
      },
      {
        "category": "external",
        "summary": "Source - certbundde",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1557.json"
      },
      {
        "category": "external",
        "summary": "Source - certbundde",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1558.json"
      },
      {
        "category": "external",
        "summary": "Source - certbundde",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1559.json"
      },
      {
        "category": "external",
        "summary": "Source - certbundde",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1561.json"
      },
      {
        "category": "external",
        "summary": "Source - certbundde",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1577.json"
      },
      {
        "category": "external",
        "summary": "Source - cveprojectv5",
        "url": "https://www.cve.org/CVERecord?id=CVE-2024-5491"
      },
      {
        "category": "external",
        "summary": "Source - cveprojectv5",
        "url": "https://www.cve.org/CVERecord?id=CVE-2024-5492"
      },
      {
        "category": "external",
        "summary": "Source - cveprojectv5",
        "url": "https://www.cve.org/CVERecord?id=CVE-2024-6148"
      },
      {
        "category": "external",
        "summary": "Source - cveprojectv5",
        "url": "https://www.cve.org/CVERecord?id=CVE-2024-6150"
      },
      {
        "category": "external",
        "summary": "Source - cveprojectv5",
        "url": "https://www.cve.org/CVERecord?id=CVE-2024-6151"
      },
      {
        "category": "external",
        "summary": "Source - cveprojectv5",
        "url": "https://www.cve.org/CVERecord?id=CVE-2024-6236"
      },
      {
        "category": "external",
        "summary": "Source - cveprojectv5",
        "url": "https://www.cve.org/CVERecord?id=CVE-2024-6286"
      },
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd",
        "url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
      },
      {
        "category": "external",
        "summary": "Reference - certbundde",
        "url": "https://support.citrix.com/article/CTX677998/netscaler-console-agent-and-svm-security-bulletin-for-cve20246235-and-cve20246236"
      },
      {
        "category": "external",
        "summary": "Reference - certbundde",
        "url": "https://support.citrix.com/article/CTX678035/windows-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve20246151"
      },
      {
        "category": "external",
        "summary": "Reference - certbundde",
        "url": "https://support.citrix.com/article/CTX678036/citrix-workspace-app-for-windows-security-bulletin-cve20246286"
      },
      {
        "category": "external",
        "summary": "Reference - certbundde",
        "url": "https://support.citrix.com/article/CTX678037/citrix-workspace-app-for-html5-security-bulletin-cve20246148-and-cve20246149"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Citrix Workspace, NetScaler ADC en NetScaler Gateway",
    "tracking": {
      "current_release_date": "2024-07-11T15:05:36.608570Z",
      "id": "NCSC-2024-0288",
      "initial_release_date": "2024-07-10T13:54:21.933605Z",
      "revision_history": [
        {
          "date": "2024-07-10T13:54:21.933605Z",
          "number": "0",
          "summary": "Initiele versie"
        },
        {
          "date": "2024-07-11T15:05:36.608570Z",
          "number": "1",
          "summary": "De volgende CVE\u0027s zijn toegevoegd:\n* CVE-2024-6286\n* CVE-2024-2636\n* CVE-2024-6151\n* CVE-2024-6150\n* CVE-2024-6748"
        }
      ],
      "status": "final",
      "version": "1.0.1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "netscaler_console",
            "product": {
              "name": "netscaler_console",
              "product_id": "CSAFPID-1499415",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netsclaer:netscaler_console:13.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_console",
            "product": {
              "name": "netscaler_console",
              "product_id": "CSAFPID-1499414",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netsclaer:netscaler_console:14.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_adc",
            "product": {
              "name": "netscaler_adc",
              "product_id": "CSAFPID-1499376",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netsclaer:netscaler_adc:12.1-fips:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_adc",
            "product": {
              "name": "netscaler_adc",
              "product_id": "CSAFPID-1499377",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netsclaer:netscaler_adc:12.1-ndcpp:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_adc",
            "product": {
              "name": "netscaler_adc",
              "product_id": "CSAFPID-1499374",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netsclaer:netscaler_adc:13.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_adc",
            "product": {
              "name": "netscaler_adc",
              "product_id": "CSAFPID-1499375",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netsclaer:netscaler_adc:13.1-fips:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_adc",
            "product": {
              "name": "netscaler_adc",
              "product_id": "CSAFPID-1499373",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netsclaer:netscaler_adc:13.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_adc",
            "product": {
              "name": "netscaler_adc",
              "product_id": "CSAFPID-1499372",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netsclaer:netscaler_adc:14.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_console",
            "product": {
              "name": "netscaler_console",
              "product_id": "CSAFPID-1499416",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netsclaer:netscaler_console:13.0:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "netsclaer"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "netscaler_application_delivery_controller",
            "product": {
              "name": "netscaler_application_delivery_controller",
              "product_id": "CSAFPID-195679",
              "product_identification_helper": {
                "cpe": "cpe:2.3:h:citrix:netscaler_application_delivery_controller:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_gateway",
            "product": {
              "name": "netscaler_gateway",
              "product_id": "CSAFPID-618244",
              "product_identification_helper": {
                "cpe": "cpe:2.3:h:citrix:netscaler_gateway:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_gateway_firmware",
            "product": {
              "name": "netscaler_gateway_firmware",
              "product_id": "CSAFPID-219738",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:citrix:netscaler_gateway_firmware:13.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_gateway_firmware",
            "product": {
              "name": "netscaler_gateway_firmware",
              "product_id": "CSAFPID-219736",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:citrix:netscaler_gateway_firmware:13.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_gateway_firmware",
            "product": {
              "name": "netscaler_gateway_firmware",
              "product_id": "CSAFPID-1498868",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:citrix:netscaler_gateway_firmware:14.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "application_delivery_management",
            "product": {
              "name": "application_delivery_management",
              "product_id": "CSAFPID-730743",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:application_delivery_management:13.0:-:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "application_delivery_management",
            "product": {
              "name": "application_delivery_management",
              "product_id": "CSAFPID-1499328",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:application_delivery_management:13.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "application_delivery_management",
            "product": {
              "name": "application_delivery_management",
              "product_id": "CSAFPID-1499327",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:application_delivery_management:14.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "citrix_provisioning",
            "product": {
              "name": "citrix_provisioning",
              "product_id": "CSAFPID-1499406",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:citrix_provisioning:1912_ltsr:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "citrix_provisioning",
            "product": {
              "name": "citrix_provisioning",
              "product_id": "CSAFPID-1499405",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:citrix_provisioning:22.3_ltsr:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "citrix_provisioning",
            "product": {
              "name": "citrix_provisioning",
              "product_id": "CSAFPID-1499404",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:citrix_provisioning:2402:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "citrix_workspace_app_for_html5",
            "product": {
              "name": "citrix_workspace_app_for_html5",
              "product_id": "CSAFPID-1499498",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:citrix_workspace_app_for_html5:2404:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "citrix_workspace_app_for_windows",
            "product": {
              "name": "citrix_workspace_app_for_windows",
              "product_id": "CSAFPID-1499408",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:citrix_workspace_app_for_windows:2402_ltsr:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "citrix_workspace_app_for_windows",
            "product": {
              "name": "citrix_workspace_app_for_windows",
              "product_id": "CSAFPID-1499407",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:citrix_workspace_app_for_windows:2403:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_agent",
            "product": {
              "name": "netscaler_agent",
              "product_id": "CSAFPID-1498494",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:netscaler_agent:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_application_delivery_controller",
            "product": {
              "name": "netscaler_application_delivery_controller",
              "product_id": "CSAFPID-681827",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_application_delivery_controller",
            "product": {
              "name": "netscaler_application_delivery_controller",
              "product_id": "CSAFPID-226051",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:fips:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_application_delivery_controller",
            "product": {
              "name": "netscaler_application_delivery_controller",
              "product_id": "CSAFPID-226052",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:ndcpp:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_application_delivery_controller",
            "product": {
              "name": "netscaler_application_delivery_controller",
              "product_id": "CSAFPID-795258",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_application_delivery_controller",
            "product": {
              "name": "netscaler_application_delivery_controller",
              "product_id": "CSAFPID-795257",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_application_delivery_controller",
            "product": {
              "name": "netscaler_application_delivery_controller",
              "product_id": "CSAFPID-226046",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:fips:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_application_delivery_controller",
            "product": {
              "name": "netscaler_application_delivery_controller",
              "product_id": "CSAFPID-795255",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_console",
            "product": {
              "name": "netscaler_console",
              "product_id": "CSAFPID-1498495",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:netscaler_console:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_gateway",
            "product": {
              "name": "netscaler_gateway",
              "product_id": "CSAFPID-226010",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_svm",
            "product": {
              "name": "netscaler_svm",
              "product_id": "CSAFPID-1498496",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:netscaler_svm:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "provisioning_services",
            "product": {
              "name": "provisioning_services",
              "product_id": "CSAFPID-1499324",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:provisioning_services:-:*:*:*:ltsr:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "provisioning_services",
            "product": {
              "name": "provisioning_services",
              "product_id": "CSAFPID-1499325",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:provisioning_services:2203:*:*:*:ltsr:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "virtual_apps_and_desktops",
            "product": {
              "name": "virtual_apps_and_desktops",
              "product_id": "CSAFPID-457601",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "virtual_apps_and_desktops",
            "product": {
              "name": "virtual_apps_and_desktops",
              "product_id": "CSAFPID-1499326",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:*:ltsr:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "windows_virtual_delivery_agent",
            "product": {
              "name": "windows_virtual_delivery_agent",
              "product_id": "CSAFPID-1499412",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:windows_virtual_delivery_agent:1912_ltsr:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "windows_virtual_delivery_agent",
            "product": {
              "name": "windows_virtual_delivery_agent",
              "product_id": "CSAFPID-1499413",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:windows_virtual_delivery_agent:2203_ltsr:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "windows_virtual_delivery_agent",
            "product": {
              "name": "windows_virtual_delivery_agent",
              "product_id": "CSAFPID-1499411",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:windows_virtual_delivery_agent:2402:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "workspace_app",
            "product": {
              "name": "workspace_app",
              "product_id": "CSAFPID-1454897",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:workspace_app:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "workspace",
            "product": {
              "name": "workspace",
              "product_id": "CSAFPID-355107",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:citrix:workspace:-:*:*:*:ltsr:windows:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "citrix"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "agent",
            "product": {
              "name": "agent",
              "product_id": "CSAFPID-1499419",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netscaler:agent:13.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "agent",
            "product": {
              "name": "agent",
              "product_id": "CSAFPID-1499418",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netscaler:agent:13.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "agent",
            "product": {
              "name": "agent",
              "product_id": "CSAFPID-1499417",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netscaler:agent:14.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_adc",
            "product": {
              "name": "netscaler_adc",
              "product_id": "CSAFPID-1499383",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netscaler:netscaler_adc:12.1-fips:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_adc",
            "product": {
              "name": "netscaler_adc",
              "product_id": "CSAFPID-1499384",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netscaler:netscaler_adc:12.1-ndcpp:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_adc",
            "product": {
              "name": "netscaler_adc",
              "product_id": "CSAFPID-1499381",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netscaler:netscaler_adc:13.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_adc",
            "product": {
              "name": "netscaler_adc",
              "product_id": "CSAFPID-1499382",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netscaler:netscaler_adc:13.1-fips:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_adc",
            "product": {
              "name": "netscaler_adc",
              "product_id": "CSAFPID-1499380",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netscaler:netscaler_adc:13.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_adc",
            "product": {
              "name": "netscaler_adc",
              "product_id": "CSAFPID-1499379",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netscaler:netscaler_adc:14.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_gateway",
            "product": {
              "name": "netscaler_gateway",
              "product_id": "CSAFPID-1499387",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netscaler:netscaler_gateway:13.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_gateway",
            "product": {
              "name": "netscaler_gateway",
              "product_id": "CSAFPID-1499386",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netscaler:netscaler_gateway:13.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "netscaler_gateway",
            "product": {
              "name": "netscaler_gateway",
              "product_id": "CSAFPID-1499385",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netscaler:netscaler_gateway:14.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sdx",
            "product": {
              "name": "sdx",
              "product_id": "CSAFPID-1499422",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netscaler:sdx:13.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sdx",
            "product": {
              "name": "sdx",
              "product_id": "CSAFPID-1499421",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netscaler:sdx:13.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sdx",
            "product": {
              "name": "sdx",
              "product_id": "CSAFPID-1499420",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:netscaler:sdx:14.1:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "netscaler"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-5492",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "title": "CWE-601"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-681827",
          "CSAFPID-226010",
          "CSAFPID-1499372",
          "CSAFPID-1499373",
          "CSAFPID-1499374",
          "CSAFPID-1499375",
          "CSAFPID-1499376",
          "CSAFPID-1499377"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-5492",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5492.json"
        }
      ],
      "title": "CVE-2024-5492"
    },
    {
      "cve": "CVE-2024-5491",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-681827",
          "CSAFPID-226010",
          "CSAFPID-1499379",
          "CSAFPID-1499380",
          "CSAFPID-1499381",
          "CSAFPID-1499382",
          "CSAFPID-1499383",
          "CSAFPID-1499384",
          "CSAFPID-1499385",
          "CSAFPID-1499386",
          "CSAFPID-1499387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-5491",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5491.json"
        }
      ],
      "title": "CVE-2024-5491"
    },
    {
      "cve": "CVE-2024-6286",
      "product_status": {
        "known_affected": [
          "CSAFPID-1499407",
          "CSAFPID-1499408"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6286",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6286.json"
        }
      ],
      "title": "CVE-2024-6286"
    },
    {
      "cve": "CVE-2024-6236",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1499414",
          "CSAFPID-1499415",
          "CSAFPID-1499416",
          "CSAFPID-1499417",
          "CSAFPID-1499418",
          "CSAFPID-1499419",
          "CSAFPID-1499420",
          "CSAFPID-1499421",
          "CSAFPID-1499422"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6236",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6236.json"
        }
      ],
      "title": "CVE-2024-6236"
    },
    {
      "cve": "CVE-2024-6151",
      "product_status": {
        "known_affected": [
          "CSAFPID-457601",
          "CSAFPID-1499411",
          "CSAFPID-1499412",
          "CSAFPID-1499413"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6151",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6151.json"
        }
      ],
      "title": "CVE-2024-6151"
    },
    {
      "cve": "CVE-2024-6150",
      "product_status": {
        "known_affected": [
          "CSAFPID-1499404",
          "CSAFPID-1499405",
          "CSAFPID-1499406"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6150",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6150.json"
        }
      ],
      "title": "CVE-2024-6150"
    },
    {
      "cve": "CVE-2024-6148",
      "product_status": {
        "known_affected": [
          "CSAFPID-1499498"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6148",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6148.json"
        }
      ],
      "title": "CVE-2024-6148"
    }
  ]
}

CVE-2024-5492 (GCVE-0-2024-5492)

Vulnerability from cvelistv5 – Published: 2024-07-10 19:04 – Updated: 2024-08-01 21:11

Title

Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites

Summary

Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway

Severity ?

5.1 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

CWE

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Assigner

Citrix

References

URL

Tags

https://support.citrix.com/article/CTX677944/nets…

Impacted products

	Vendor	Product	Version
	NetSclaer	NetScaler ADC	Affected: 14.1 , < 25.53 (patch) Affected: 13.1 , < 53.17 (patch) Affected: 13.0 , < 92.13 (patch) Affected: 13.1-FIPS , < 37.183 (patch) Affected: 12.1-FIPS , < 55.304 (patch) Affected: 12.1-NDcPP , < 55.304 (patch)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "netscaler_application_delivery_controller",
            "vendor": "citrix",
            "versions": [
              {
                "lessThan": "14.1-25.53",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1-53.17",
                "status": "affected",
                "version": "13.1",
                "versionType": "custom"
              },
              {
                "lessThan": "13.0-92.31",
                "status": "affected",
                "version": "13.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1-37.183",
                "status": "affected",
                "version": "13.1-FIPS",
                "versionType": "custom"
              },
              {
                "lessThan": "12.1-55.304",
                "status": "affected",
                "version": "12.1-FIPS",
                "versionType": "custom"
              },
              {
                "lessThan": "12.1-55.304",
                "status": "affected",
                "version": "12.1-NDcPP",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "netscaler_gateway",
            "vendor": "citrix",
            "versions": [
              {
                "lessThan": "14.1-25.53",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1-53.17",
                "status": "affected",
                "version": "13.1",
                "versionType": "custom"
              },
              {
                "lessThan": "13.0-92.31",
                "status": "affected",
                "version": "13.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5492",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-12T20:06:46.037235Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-601",
                "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-12T20:15:15.431Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:11:12.831Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler ADC",
          "vendor": "NetSclaer",
          "versions": [
            {
              "lessThan": "25.53",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "53.17",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.13",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            },
            {
              "lessThan": "37.183",
              "status": "affected",
              "version": "13.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.304",
              "status": "affected",
              "version": "12.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.304",
              "status": "affected",
              "version": "12.1-NDcPP",
              "versionType": "patch"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOpen redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites\u003c/span\u003e\u0026nbsp;in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC and NetScaler Gateway \u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites\u00a0in NetScaler ADC and NetScaler Gateway"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-10T19:04:40.775Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2024-5492",
    "datePublished": "2024-07-10T19:04:40.775Z",
    "dateReserved": "2024-05-29T20:16:36.573Z",
    "dateUpdated": "2024-08-01T21:11:12.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5491 (GCVE-0-2024-5491)

Vulnerability from cvelistv5 – Published: 2024-07-10 18:56 – Updated: 2024-11-01 15:22

Title

Denial of Service

Summary

Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler

Severity ?

7.2 (High)


                        
                          CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N

CWE

CWE-noinfo Not enough information

Assigner

Citrix

References

URL

Tags

https://support.citrix.com/article/CTX677944/nets…

Impacted products

Vendor

Product

Version

NetScaler

NetScaler ADC

Affected: 14.1 , < 25.53 (patch)
Affected: 13.1 , < 53.17 (patch)
Affected: 13.0 , < 92.31 (patch)
Affected: 13.1-FIPS , < 37.183 (patch)
Affected: 12.1-FIPS , < 55.304 (patch)
Affected: 12.1-NDcPP , < 55.304 (patch)

NetScaler

NetScaler Gateway

Affected: 14.1 , < 25.53 (patch)
Affected: 13.1 , < 53.17 (patch)
Affected: 13.0 , < 92.31 (patch)

Date Public ?

2024-07-09 18:46

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5491",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-10T20:25:24.933103Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-01T15:22:05.242Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:11:12.815Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler ADC",
          "vendor": "NetScaler",
          "versions": [
            {
              "lessThan": "25.53",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "53.17",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.31",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            },
            {
              "lessThan": "37.183",
              "status": "affected",
              "version": "13.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.304",
              "status": "affected",
              "version": "12.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.304",
              "status": "affected",
              "version": "12.1-NDcPP",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler Gateway",
          "vendor": "NetScaler",
          "versions": [
            {
              "lessThan": "25.53",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "53.17",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.31",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "datePublic": "2024-07-09T18:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler"
            }
          ],
          "value": "Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-10T18:56:08.095Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2024-5491",
    "datePublished": "2024-07-10T18:56:08.095Z",
    "dateReserved": "2024-05-29T20:16:35.305Z",
    "dateUpdated": "2024-11-01T15:22:05.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6286 (GCVE-0-2024-6286)

Vulnerability from cvelistv5 – Published: 2024-07-10 20:25 – Updated: 2024-08-01 21:33

Title

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges

Summary

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

Severity ?

8.5 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-269 - Improper Privilege Management

Assigner

Citrix

References

URL

Tags

https://support.citrix.com/article/CTX678036

Impacted products

	Vendor	Product	Version
	Citrix	Citrix Workspace app for Windows	Affected: 2403 , < 1 (patch) Affected: 2402 LTSR , < 0 (patch)

Date Public ?

2024-07-09 20:23

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:citrix:workspace:-:*:*:*:-:windows:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "workspace",
            "vendor": "citrix",
            "versions": [
              {
                "lessThan": "2403.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:citrix:workspace:-:*:*:*:ltsr:windows:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "workspace",
            "vendor": "citrix",
            "versions": [
              {
                "lessThan": "2402",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6286",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T03:55:35.410636Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T12:55:40.673Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:05.352Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX678036"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Citrix Workspace app for Windows",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "1",
              "status": "affected",
              "version": "2403",
              "versionType": "patch"
            },
            {
              "lessThan": "0",
              "status": "affected",
              "version": "2402 LTSR",
              "versionType": "patch"
            }
          ]
        }
      ],
      "datePublic": "2024-07-09T20:23:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eLocal Privilege escalation allows a low-privileged user to gain SYSTEM privileges \u003c/span\u003e\u003c/b\u003e in\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eCitrix Workspace app for Windows\u003c/span\u003e"
            }
          ],
          "value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges  in\u00a0Citrix Workspace app for Windows"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-10T20:25:21.414Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX678036"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2024-6286",
    "datePublished": "2024-07-10T20:25:21.414Z",
    "dateReserved": "2024-06-24T15:14:48.157Z",
    "dateUpdated": "2024-08-01T21:33:05.352Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6148 (GCVE-0-2024-6148)

Vulnerability from cvelistv5 – Published: 2024-07-10 20:40 – Updated: 2025-03-25 16:40

Summary

Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5

Severity ?

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

CWE

CWE-276 - Incorrect Default Permissions

Assigner

Citrix

References

URL

Tags

https://support.citrix.com/article/CTX678037

Impacted products

	Vendor	Product	Version
	Citrix	Citrix Workspace app for HTML5	Affected: 2404 , < 1 (patch)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6148",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T15:56:38.688577Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-276",
                "description": "CWE-276 Incorrect Default Permissions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T16:40:45.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:04.870Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX678037"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Citrix Workspace app for HTML5",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "1",
              "status": "affected",
              "version": "2404",
              "versionType": "patch"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eBypass of GACS Policy Configuration settings\u003c/span\u003e\u003c/b\u003e in \u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eCitrix Workspace app for HTML5\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
            }
          ],
          "value": "Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-10T20:40:07.129Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX678037"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2024-6148",
    "datePublished": "2024-07-10T20:40:07.129Z",
    "dateReserved": "2024-06-18T21:14:31.903Z",
    "dateUpdated": "2025-03-25T16:40:45.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6236 (GCVE-0-2024-6236)

Vulnerability from cvelistv5 – Published: 2024-07-10 20:18 – Updated: 2025-08-27 20:42

Title

Denial of Service

Summary

Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX

Severity ?

7.1 (High)


                        
                          CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

Citrix

References

URL

Tags

https://support.citrix.com/article/CTX677998

Impacted products

Vendor

Product

Version

NetSclaer

NetScaler Console

Affected: 14.1 , < 25.53 (patch)
Affected: 13.1 , < 52.25 (patch)
Affected: 13.0 , < 92.31 (patch)

	NetScaler	Agent	Affected: 14.1 , < 25.53 (patch) Affected: 13.1 , < 52.25 (patch) Affected: 13.0 , < 92.31 (patch)
	NetScaler	SDX	Affected: 14.1 , < 25.53 (patch) Affected: 13.1 , < 52.25 (patch) Affected: 13.0 , < 92.31 (patch)

Date Public ?

2024-07-09 20:12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:netscaler:netscaler_console:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "netscaler_console",
            "vendor": "netscaler",
            "versions": [
              {
                "lessThan": "25.53",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              },
              {
                "lessThan": "52.25",
                "status": "affected",
                "version": "13.1",
                "versionType": "custom"
              },
              {
                "lessThan": "92.31",
                "status": "affected",
                "version": "13.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netscaler:netscaler_console:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "netscaler_console",
            "vendor": "netscaler",
            "versions": [
              {
                "lessThan": "25.53",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              },
              {
                "lessThan": "52.25",
                "status": "affected",
                "version": "13.1",
                "versionType": "custom"
              },
              {
                "lessThan": "92.31",
                "status": "affected",
                "version": "13.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netscaler:netscaler_console:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "netscaler_console",
            "vendor": "netscaler",
            "versions": [
              {
                "lessThan": "25.53",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              },
              {
                "lessThan": "52.25",
                "status": "affected",
                "version": "13.1",
                "versionType": "custom"
              },
              {
                "lessThan": "92.31",
                "status": "affected",
                "version": "13.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netscaler:agent:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "agent",
            "vendor": "netscaler",
            "versions": [
              {
                "lessThan": "25.53",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              },
              {
                "lessThan": "52.25",
                "status": "affected",
                "version": "13.1",
                "versionType": "custom"
              },
              {
                "lessThan": "92.31",
                "status": "affected",
                "version": "13.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netscaler:agent:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "agent",
            "vendor": "netscaler",
            "versions": [
              {
                "lessThan": "25.53",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              },
              {
                "lessThan": "52.25",
                "status": "affected",
                "version": "13.1",
                "versionType": "custom"
              },
              {
                "lessThan": "92.31",
                "status": "affected",
                "version": "13.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netscaler:agent:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "agent",
            "vendor": "netscaler",
            "versions": [
              {
                "lessThan": "25.53",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              },
              {
                "lessThan": "52.25",
                "status": "affected",
                "version": "13.1",
                "versionType": "custom"
              },
              {
                "lessThan": "92.31",
                "status": "affected",
                "version": "13.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netscaler:sdx:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "sdx",
            "vendor": "netscaler",
            "versions": [
              {
                "lessThan": "25.53",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              },
              {
                "lessThan": "52.25",
                "status": "affected",
                "version": "13.1",
                "versionType": "custom"
              },
              {
                "lessThan": "92.31",
                "status": "affected",
                "version": "13.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netscaler:sdx:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "sdx",
            "vendor": "netscaler",
            "versions": [
              {
                "lessThan": "25.53",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              },
              {
                "lessThan": "52.25",
                "status": "affected",
                "version": "13.1",
                "versionType": "custom"
              },
              {
                "lessThan": "92.31",
                "status": "affected",
                "version": "13.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netscaler:sdx:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "sdx",
            "vendor": "netscaler",
            "versions": [
              {
                "lessThan": "25.53",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              },
              {
                "lessThan": "52.25",
                "status": "affected",
                "version": "13.1",
                "versionType": "custom"
              },
              {
                "lessThan": "92.31",
                "status": "affected",
                "version": "13.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6236",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T17:23:21.359193Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T20:42:59.832Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:05.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX677998"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler Console",
          "vendor": "NetSclaer",
          "versions": [
            {
              "lessThan": "25.53",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "52.25",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.31",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Agent",
          "vendor": "NetScaler",
          "versions": [
            {
              "lessThan": "25.53",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "52.25",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.31",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SDX",
          "vendor": "NetScaler",
          "versions": [
            {
              "lessThan": "25.53",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "52.25",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.31",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "datePublic": "2024-07-09T20:12:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eDenial of Service  \u003c/span\u003e\u003c/b\u003e in\u0026nbsp;\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eNetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
            }
          ],
          "value": "Denial of Service   in\u00a0NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-10T20:18:04.274Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX677998"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2024-6236",
    "datePublished": "2024-07-10T20:18:04.274Z",
    "dateReserved": "2024-06-21T01:16:39.466Z",
    "dateUpdated": "2025-08-27T20:42:59.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6150 (GCVE-0-2024-6150)

Vulnerability from cvelistv5 – Published: 2024-07-10 20:31 – Updated: 2024-10-29 18:21

Summary

A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning

Severity ?

4.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

CWE

CWE-863 - Incorrect Authorization

Assigner

Citrix

References

URL

Tags

https://support.citrix.com/article/CTX678025

Impacted products

	Vendor	Product	Version
	Citrix	Citrix Provisioning	Affected: 2402 , < 0 (patch) Affected: 22.3 LTSR , < CU5 (patch) Affected: 1912 LTSR , < CU9 (patch)

Date Public ?

2024-07-09 20:29

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6150",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T14:46:53.544580Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T18:21:15.712Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:04.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX678025"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Citrix Provisioning",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "0",
              "status": "affected",
              "version": "2402",
              "versionType": "patch"
            },
            {
              "lessThan": "CU5",
              "status": "affected",
              "version": "22.3 LTSR",
              "versionType": "patch"
            },
            {
              "lessThan": "CU9",
              "status": "affected",
              "version": "1912 LTSR",
              "versionType": "patch"
            }
          ]
        }
      ],
      "datePublic": "2024-07-09T20:29:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eA non-admin user can cause short-term disruption in Target VM availability\u0026nbsp;\u003c/span\u003e\u003c/b\u003ein\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp;Citrix Provisioning\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
            }
          ],
          "value": "A non-admin user can cause short-term disruption in Target VM availability\u00a0in\u00a0Citrix Provisioning"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-10T20:31:26.370Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX678025"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2024-6150",
    "datePublished": "2024-07-10T20:31:26.370Z",
    "dateReserved": "2024-06-18T21:14:34.056Z",
    "dateUpdated": "2024-10-29T18:21:15.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6151 (GCVE-0-2024-6151)

Vulnerability from cvelistv5 – Published: 2024-07-10 20:21 – Updated: 2024-08-01 21:33

Title

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges

Summary

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS

Severity ?

8.5 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-269 - Improper Privilege Management

Assigner

Citrix

References

URL

Tags

https://support.citrix.com/article/CTX678035

Impacted products

	Vendor	Product	Version
	Citrix	Windows Virtual Delivery Agent	Affected: 2402 , < 0 (patch) Affected: 1912 LTSR , < CU9 (patch) Affected: 2203 LTSR , < CU5 (patch)

Date Public ?

2024-07-09 20:19

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "virtual_apps_and_desktops",
            "vendor": "citrix",
            "versions": [
              {
                "lessThan": "2402",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "CU9",
                "status": "affected",
                "version": "1912 LTSR",
                "versionType": "custom"
              },
              {
                "lessThan": "CU5",
                "status": "affected",
                "version": "2203 LTSR",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6151",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-10T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-18T03:55:19.557Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:04.965Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX678035"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Windows Virtual Delivery Agent",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "0",
              "status": "affected",
              "version": "2402",
              "versionType": "patch"
            },
            {
              "lessThan": "CU9",
              "status": "affected",
              "version": "1912 LTSR",
              "versionType": "patch"
            },
            {
              "lessThan": "CU5",
              "status": "affected",
              "version": "2203 LTSR",
              "versionType": "patch"
            }
          ]
        }
      ],
      "datePublic": "2024-07-09T20:19:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eLocal Privilege escalation allows a low-privileged user to gain SYSTEM privileges\u0026nbsp;\u003c/span\u003e\u003c/b\u003ein\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eVirtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS\u003c/span\u003e"
            }
          ],
          "value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges\u00a0in\u00a0Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-10T20:21:25.554Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX678035"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2024-6151",
    "datePublished": "2024-07-10T20:21:25.554Z",
    "dateReserved": "2024-06-18T21:14:34.928Z",
    "dateUpdated": "2024-08-01T21:33:04.965Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

NCSC-2024-0288

CVE-2024-5492 (GCVE-0-2024-5492)

CVE-2024-5491 (GCVE-0-2024-5491)

CVE-2024-6286 (GCVE-0-2024-6286)

CVE-2024-6148 (GCVE-0-2024-6148)

CVE-2024-6236 (GCVE-0-2024-6236)

CVE-2024-6150 (GCVE-0-2024-6150)

CVE-2024-6151 (GCVE-0-2024-6151)

Tags

Sightings

Nomenclature