Description
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources
CVSS Metrics
- Vector
- CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Attack Vector
- network
- Complexity
- low
- Privileges
- low
- User Action
- none
- Confidentiality
- undefined
- Integrity
- undefined
- Availability
- undefined
- Weaknesses
- CWE-552
Metadata
- Primary Vendor
- CITRIX
- Published
- 11/12/2024
- Last Modified
- 7/25/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
citrix : netscaler_application_delivery_controllercitrix : netscaler_application_delivery_controllercitrix : netscaler_application_delivery_controllercitrix : netscaler_application_delivery_controllercitrix : netscaler_application_delivery_controllercitrix : netscaler_gatewaycitrix : netscaler_gateway
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.