February 20, 2025 By Pierluigi Paganini
Citrix addressed a high-severity privilege escalation vulnerability impacting NetScaler Console and NetScaler Agent under certain conditions.
Citrix released security updates to address a high-severity security vulnerability, tracked as CVE-2024-12284 (CVSS score of 8.8) impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent.
The vulnerability is an improper privilege management that could allow attackers to escalate privileges under certain conditions.
“A vulnerability has been discovered in NetScaler Console (formerly NetScaler ADM) and NetScaler Agent.” reads the advisory.
The vulnerability impacts the following supported versions:
- NetScaler Agent 13.1 BEFORE 13.1-56.18
- NetScaler Console 14.1 BEFORE 14.1-38.53
- NetScaler Console 13.1 BEFORE 13.1-56.18
- NetScaler Agent 14.1 BEFORE 14.1-38.53
The company pointed out that only authenticated users with existing access to the NetScaler Console can exploit this vulnerability.
