Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability

Avatar
Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions. The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0 It has been described as a case of improper privilege management that could
[[{“value”:”

Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.

The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0

It has been described as a case of improper privilege management that could result in authenticated privilege escalation if the NetScaler Console Agent is deployed and allows an attacker to execute post-compromise actions.

“The issue arises due to inadequate privilege management and could be exploited by an authenticated malicious actor to execute commands without additional authorization,” Netscaler noted.

“However, only authenticated users with existing access to the NetScaler Console can exploit this vulnerability, thereby limiting the threat surface to only authenticated users.”

The shortcoming affects the below versions –

NetScaler Console 14.1 before 14.1-38.53
NetScaler Console 13.1 before 13.1-56.18
NetScaler Agent 14.1 before 14.1-38.53
NetScaler Agent 13.1 before 13.1-56.18

It has been remediated in the below versions of the software –

NetScaler Console 14.1-38.53 and later releases
NetScaler Console 13.1-56.18 and later releases of 13.1
NetScaler Agent 14.1-38.53 and later releases
NetScaler Agent 13.1-56.18 and later releases of 13.1

“Cloud Software Group strongly urges customers of NetScaler Console and NetScaler Agent to install the relevant updated versions as soon as possible,” the company said, adding there are no workarounds to resolve the flaw.

That said, customers who are using Citrix-managed NetScaler Console Service do not need to take any action.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Previous Post

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

Next Post

Microsoft’s End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now

Related Posts

North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin

Japanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. "The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces," the agencies said. "TraderTraitor activity is often characterized by targeted social
Avatar
Read More

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious. While there are safeguards such as DomainKeys
Avatar
Read More

Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file," ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. "
Avatar
Read More