Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.
The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0.
It has been described as a case of improper privilege management that could result in authenticated privilege escalation if the NetScaler Console Agent is deployed and allows an attacker to execute post-compromise actions.
“The issue arises due to inadequate privilege management and could be exploited by an authenticated malicious actor to execute commands without additional authorization,” Netscaler noted.
“However, only authenticated users with existing access to the NetScaler Console can exploit this vulnerability, thereby limiting the threat surface to only authenticated users.”

The shortcoming affects the following versions:
- NetScaler Console 14.1 before 14.1-38.53
- NetScaler Console 13.1 before 13.1-56.18
- NetScaler Agent 14.1 before 14.1-38.53
- NetScaler Agent 13.1 before 13.1-56.18
It has been remediated in the following versions of the software:
- NetScaler Console 14.1-38.53 and later releases
- NetScaler Console 13.1-56.18 and later releases of 13.1
- NetScaler Agent 14.1-38.53 and later releases
- NetScaler Agent 13.1-56.18 and later releases of 13.1
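As an added example (not part of the advisory and not Citrix tooling), a small Python helper that parses NetScaler's `major.minor-build.patch` version strings and flags Console or Agent builds that are still below the fixed builds listed above, per branch; the inventory entries it is run against are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed builds per release branch, taken from the advisory text above.
# The same thresholds apply to NetScaler Console and NetScaler Agent.
FIXED_BUILDS: Dict[Tuple[int, int], Tuple[int, int]] = {
    (14, 1): (38, 53),   # 14.1-38.53 and later
    (13, 1): (56, 18),   # 13.1-56.18 and later releases of 13.1
}

# NetScaler versions look like "14.1-38.53": branch "14.1", build "38.53".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_version(version: str) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Split '14.1-38.53' into ((14, 1), (38, 53)); reject anything else."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    major, minor, build, patch = (int(x) for x in m.groups())
    return (major, minor), (build, patch)


def is_vulnerable_cve_2024_12284(version: str) -> Optional[bool]:
    """True if the build predates the fix on its branch, False if fixed,
    None if the branch is not one the advisory lists (needs manual review)."""
    branch, build = parse_version(version)
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return None
    # Tuple comparison orders by build number first, then patch number.
    return build < fixed


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Sort hostname -> version pairs into patch / ok / review buckets."""
    result: Dict[str, List[str]] = {"patch": [], "ok": [], "review": []}
    for host, version in sorted(inventory.items()):
        state = is_vulnerable_cve_2024_12284(version)
        bucket = "review" if state is None else ("patch" if state else "ok")
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {"console-a": "14.1-37.60", "console-b": "14.1-38.53",
              "agent-01": "13.1-56.17", "agent-02": "13.1-56.18",
              "agent-old": "12.1-65.1"}
    print(triage(sample))
```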
“Cloud Software Group strongly urges customers of NetScaler Console and NetScaler Agent to install the relevant updated versions as soon as possible,” the company said, adding there are no workarounds to resolve the flaw.
That said, customers who are using Citrix-managed NetScaler Console Service do not need to take any action.
Some parts of this article are sourced from:
thehackernews.com