Citrix has launched safety updates for a high-severity safety flaw impacting NetScaler Console (previously NetScaler ADM) and NetScaler Agent that would result in privilege escalation below sure situations.
The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 rating of 8.8 out of a most of 10.0.
It has been described as a case of improper privilege administration that would end in authenticated privilege escalation if the NetScaler Console Agent is deployed and permits an attacker to execute post-compromise actions.
“The difficulty arises resulting from insufficient privilege administration and could possibly be exploited by an authenticated malicious actor to execute instructions with out extra authorization,” Netscaler noted.
“Nonetheless, solely authenticated customers with current entry to the NetScaler Console can exploit this vulnerability, thereby limiting the risk floor to solely authenticated customers.”
The shortcoming impacts the under variations –
- NetScaler Console 14.1 earlier than 14.1-38.53
- NetScaler Console 13.1 earlier than 13.1-56.18
- NetScaler Agent 14.1 earlier than 14.1-38.53
- NetScaler Agent 13.1 earlier than 13.1-56.18
It has been remediated within the under variations of the software program –
- NetScaler Console 14.1-38.53 and later releases
- NetScaler Console 13.1-56.18 and later releases of 13.1
- NetScaler Agent 14.1-38.53 and later releases
- NetScaler Agent 13.1-56.18 and later releases of 13.1
“Cloud Software program Group strongly urges clients of NetScaler Console and NetScaler Agent to put in the related up to date variations as quickly as doable,” the corporate mentioned, including there aren’t any workarounds to resolve the flaw.
That mentioned, clients who’re utilizing Citrix-managed NetScaler Console Service don’t must take any motion.
