CVE-2024-8534

Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled

Published: Nov 12, 2024
Updated: Jul 26, 2025
CVE: CVE-2024-8534
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
citrix / netscaler_application_delivery_controller	14.1	14.1-29.72
citrix / netscaler_application_delivery_controller	12.1	12.1-55.321
citrix / netscaler_application_delivery_controller	13.1	13.1-37.207
citrix / netscaler_gateway	14.1	14.1-29.72
citrix / netscaler_application_delivery_controller	12.1	13.1-55.34
citrix / netscaler_gateway	12.1	13.1-55.34

https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US

Vulnerability Database

CVE-2024-8534