PT-2025-6517 · Citrix · NetScaler Console, NetScaler Agent

Published: 2025-02-18 · Updated: 2025-05-16 · CVE-2024-12284

CVSS v4.0: 8.8 (High)
Vector: AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions

- NetScaler Console versions 13.1 through 13.1-56.18
- NetScaler Console versions 14.1 through 14.1-38.53
- NetScaler Agent versions 13.1 through 13.1-56.18
- NetScaler Agent versions 14.1 through 14.1-38.53

Description

The vulnerability is an authenticated privilege escalation in NetScaler Console and NetScaler Agent caused by improper privilege management. Only authenticated users can exploit it, so the threat is limited to those who already have access; such a user can execute commands on the NetScaler Console without further authorization.

Recommendations

- For NetScaler Console versions 13.1 through 13.1-56.18, update to version 13.1-56.18 or later.
- For NetScaler Console versions 14.1 through 14.1-38.53, update to version 14.1-38.53 or later.
- For NetScaler Agent versions 13.1 through 13.1-56.18, update to version 13.1-56.18 or later.
- For NetScaler Agent versions 14.1 through 14.1-38.53, update to version 14.1-38.53 or later.

As a temporary workaround, restrict access to the NetScaler Console to minimize the risk of exploitation.

Tags: Fix · LPE

Weakness Enumeration: Improper Privilege Management

Related Identifiers: BDU:2025-01961, CVE-2024-12284

Affected Products: NetScaler Agent, NetScaler Console