Citrix has launched safety updates for a high-severity safety flaw impacting NetScaler Console (previously NetScaler ADM) and NetScaler Agent that might result in privilege escalation below sure situations.
The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 rating of 8.8 out of a most of 10.0
It has been described as a case of improper privilege administration that might end in authenticated privilege escalation if the NetScaler Console Agent is deployed and permits an attacker to execute post-compromise actions.
“The difficulty arises as a result of insufficient privilege administration and might be exploited by an authenticated malicious actor to execute instructions with out extra authorization,” Netscaler noted.
“Nonetheless, solely authenticated customers with current entry to the NetScaler Console can exploit this vulnerability, thereby limiting the menace floor to solely authenticated customers.”
The shortcoming impacts the beneath variations –
- NetScaler Console 14.1 earlier than 14.1-38.53
- NetScaler Console 13.1 earlier than 13.1-56.18
- NetScaler Agent 14.1 earlier than 14.1-38.53
- NetScaler Agent 13.1 earlier than 13.1-56.18
It has been remediated within the beneath variations of the software program –
- NetScaler Console 14.1-38.53 and later releases
- NetScaler Console 13.1-56.18 and later releases of 13.1
- NetScaler Agent 14.1-38.53 and later releases
- NetScaler Agent 13.1-56.18 and later releases of 13.1
“Cloud Software program Group strongly urges prospects of NetScaler Console and NetScaler Agent to put in the related up to date variations as quickly as potential,” the corporate mentioned, including there aren’t any workarounds to resolve the flaw.
That mentioned, prospects who’re utilizing Citrix-managed NetScaler Console Service don’t have to take any motion.
Source link