CVE-2024-12284

Published: Feb 20, 2025Modified: Jul 25, 2025

8.8

Vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: secure@citrix.com (Secondary)

Description

Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.

Affected (30)

Products: Citrix: Netscaler Agent, Netscaler Console

Citrix

2 products

Netscaler Agent

Netscaler Console

Configuration A

30 vulnerable

Vulnerable Software	Affected Versions
Citrix Netscaler Agent	From 13.1-4.43 to 13.1-56.18
Citrix Netscaler Agent	From 14.1-4.42 to 14.1-38.53
Citrix Netscaler Agent	Version 13.0-58.30
Citrix Netscaler Console	Version 13.1 build12.50
Citrix Netscaler Console	Version 13.1 build17.42
Citrix Netscaler Console	Version 13.1 build21.53
Citrix Netscaler Console	Version 13.1 build24.38
Citrix Netscaler Console	Version 13.1 build27.62
Citrix Netscaler Console	Version 13.1 build30.52
Citrix Netscaler Console	Version 13.1 build33.50
Citrix Netscaler Console	Version 13.1 build37.38
Citrix Netscaler Console	Version 13.1 build4.43
Citrix Netscaler Console	Version 13.1 build42.47
Citrix Netscaler Console	Version 13.1 build45.61
Citrix Netscaler Console	Version 13.1 build48.47
Citrix Netscaler Console	Version 13.1 build49.13
Citrix Netscaler Console	Version 13.1 build50.23
Citrix Netscaler Console	Version 13.1 build51.14
Citrix Netscaler Console	Version 13.1 build52.19
Citrix Netscaler Console	Version 13.1 build53.22
Citrix Netscaler Console	Version 13.1 build53.24
Citrix Netscaler Console	Version 13.1 build54.29
Citrix Netscaler Console	Version 13.1 build55.29
Citrix Netscaler Console	Version 14.1 build12.34
Citrix Netscaler Console	Version 14.1 build17.38
Citrix Netscaler Console	Version 14.1 build21.60
Citrix Netscaler Console	Version 14.1 build25.53
Citrix Netscaler Console	Version 14.1 build25.56
Citrix Netscaler Console	Version 14.1 build29.63
Citrix Netscaler Console	Version 14.1 build34.43

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US

Source: secure@citrix.com

Vendor Advisory

Timeline

No history available yet.