
Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability


Feb 20, 2025 | Ravie Lakshmanan | Vulnerability / IT Security


Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.

The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0.

It has been described as a case of improper privilege management that could result in authenticated privilege escalation if the NetScaler Console Agent is deployed and allows an attacker to execute post-compromise actions.

“The issue arises due to inadequate privilege management and could be exploited by an authenticated malicious actor to execute commands without additional authorization,” NetScaler noted.

“However, only authenticated users with existing access to the NetScaler Console can exploit this vulnerability, thereby limiting the threat surface to only authenticated users.”


The shortcoming affects the following versions:

  • NetScaler Console 14.1 before 14.1-38.53
  • NetScaler Console 13.1 before 13.1-56.18
  • NetScaler Agent 14.1 before 14.1-38.53
  • NetScaler Agent 13.1 before 13.1-56.18

It has been remediated in the following versions of the software:

  • NetScaler Console 14.1-38.53 and later releases
  • NetScaler Console 13.1-56.18 and later releases of 13.1
  • NetScaler Agent 14.1-38.53 and later releases
  • NetScaler Agent 13.1-56.18 and later releases of 13.1

“Cloud Software Group strongly urges customers of NetScaler Console and NetScaler Agent to install the relevant updated versions as soon as possible,” the company said, adding there are no workarounds to resolve the flaw.

That said, customers who are using Citrix-managed NetScaler Console Service do not need to take any action.
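For teams triaging self-managed deployments against the version lists above, the following is an added example (not part of the original article or any Citrix tooling) that classifies build strings against the fixed releases. The inventory rows and host names are constructed, and the `branch-major.minor` build format is assumed from the way versions are written in this article.

```python
import re

# Fixed builds per release branch, as listed in the article for
# CVE-2024-12284 (same thresholds for Console and Agent).
FIXED_BUILDS = {"14.1": (38, 53), "13.1": (56, 18)}

# Assumed build format, e.g. "14.1-38.53" -> branch 14.1, build 38.53
BUILD_RE = re.compile(r"^\s*(\d+\.\d+)-(\d+)\.(\d+)\s*$")


def classify(build):
    """Return 'fixed', 'vulnerable', 'not-listed' or 'unparseable'."""
    m = BUILD_RE.match(build)
    if not m:
        return "unparseable"
    branch = m.group(1)
    # Compare numerically: as strings, "4.42" would sort after "38.53".
    number = (int(m.group(2)), int(m.group(3)))
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        # Branch not mentioned in the article; needs manual review.
        return "not-listed"
    return "fixed" if number >= fixed else "vulnerable"


def triage(inventory):
    """inventory: iterable of (host, product, build) tuples.

    Returns hosts needing attention, each with its classification;
    hosts already on a fixed build are omitted.
    """
    findings = []
    for host, product, build in inventory:
        status = classify(build)
        if status != "fixed":
            findings.append((host, product, build, status))
    return sorted(findings)


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE_INVENTORY = [
    ("console-01.example.internal", "NetScaler Console", "14.1-38.53"),
    ("console-02.example.internal", "NetScaler Console", "13.1-55.29"),
    ("agent-01.example.internal", "NetScaler Agent", "14.1-4.42"),
    ("agent-02.example.internal", "NetScaler Agent", "13.1-56.18"),
    ("agent-03.example.internal", "NetScaler Agent", "unknown"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("%-30s %-18s %-12s %s" % row)
```

Rows reported as `not-listed` or `unparseable` need manual review rather than being treated as safe.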



