Citrix has launched safety updates for a high-severity safety flaw impacting NetScaler Console (previously NetScaler ADM) and NetScaler Agent that would result in privilege escalation below sure situations.
The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 rating of 8.8 out of a most of 10.0
It has been described as a case of improper privilege administration that would lead to authenticated privilege escalation if the NetScaler Console Agent is deployed and permits an attacker to execute post-compromise actions.
“The problem arises as a consequence of insufficient privilege administration and may very well be exploited by an authenticated malicious actor to execute instructions with out extra authorization,” Netscaler famous.
“Nonetheless, solely authenticated customers with present entry to the NetScaler Console can exploit this vulnerability, thereby limiting the menace floor to solely authenticated customers.”
The shortcoming impacts the under variations –
- NetScaler Console 14.1 earlier than 14.1-38.53
- NetScaler Console 13.1 earlier than 13.1-56.18
- NetScaler Agent 14.1 earlier than 14.1-38.53
- NetScaler Agent 13.1 earlier than 13.1-56.18
It has been remediated within the under variations of the software program –
- NetScaler Console 14.1-38.53 and later releases
- NetScaler Console 13.1-56.18 and later releases of 13.1
- NetScaler Agent 14.1-38.53 and later releases
- NetScaler Agent 13.1-56.18 and later releases of 13.1
“Cloud Software program Group strongly urges clients of NetScaler Console and NetScaler Agent to put in the related up to date variations as quickly as doable,” the corporate stated, including there aren’t any workarounds to resolve the flaw.
That stated, clients who’re utilizing Citrix-managed NetScaler Console Service don’t must take any motion.