
Citrix has released security updates for a high-severity security flaw affecting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that can lead to privilege escalation under certain conditions.
The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of 10.0.
It is described as a case of improper privilege management that can lead to authenticated privilege escalation when a NetScaler Console Agent is deployed, enabling an attacker to perform post-compromise actions.
“This issue arises due to insufficient privilege management, allowing commands to be run by authenticated malicious actors without additional permission,” NetScaler said.
“However, only authenticated users with existing access to the NetScaler Console can leverage this vulnerability, restricting the threat to authenticated users only.”

The flaw affects the following versions:
- NetScaler Console 14.1 before 14.1-38.53
- NetScaler Console 13.1 before 13.1-56.18
- NetScaler Agent 14.1 before 14.1-38.53
- NetScaler Agent 13.1 before 13.1-56.18

It is fixed in the following versions of the software:
- NetScaler Console 14.1-38.53 and later releases
- NetScaler Console 13.1-56.18 and later releases of 13.1
- NetScaler Agent 14.1-38.53 and later releases
- NetScaler Agent 13.1-56.18 and later releases of 13.1

“Cloud Software Group urges its NetScaler Console and NetScaler Agent customers to install the associated updated versions as soon as possible,” the company said, adding that there is no workaround to resolve the defect.
That said, customers using the Citrix-managed NetScaler Console service don’t need to take any action.