WARNING: PRIVILEGE ESCALATION VULNERABILITY IN NETSCALER CONSOLE AND NETSCALER CONSOLE AGENT. PATCH IMMEDIATELY!

Published: 21/02/2025

Reference:
Advisory #2025-41

Version:
1.0

Affected software:
NetScaler Console and NetScaler Console Agent

Type:
Privilege escalation

CVE/CVSS:
CVE-2024-12284: CVSS 8.8 (CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)

Sources

NetScaler Citrix advisory - https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US

NetScaler article - https://www.netscaler.com/blog/news/cve-2024-12284-high-severity-security-update-for-netscaler-console/

Risks

On 18 February 2025, NetScaler addressed a high severity vulnerability in NetScaler Console and NetScaler Console Agent. CVE-2024-12284 can be exploited to escalate privileges, allowing an authenticated threat actor to execute commands without additional authorization.

There is no information as to active exploitation at this time (cut-off date: 21 February 2025).

Exploitation of this vulnerability can have a high impact on confidentiality, integrity, and availability.

Description

CVE-2024-12284 is an authenticated privilege escalation vulnerability in NetScaler Console (formerly NetScaler ADM) and NetScaler Console Agent. The flaw resides in improper privilege management. It could be exploited by an authenticated malicious actor to execute commands without additional authorization.

Please note that only authenticated users with existing access to the NetScaler Console can exploit this vulnerability, which limits the threat surface to authenticated users. In addition, this vulnerability only affects customer-managed NetScaler Console deployments and those with NetScaler Console Agents deployed.

Remark: users of Citrix-managed NetScaler Console Service do not need to take any action.

Cloud Software Group recommends configuring external authentication for NetScaler Console as a best practice.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

There are no workarounds for this vulnerability.

NetScaler recommends that customers running impacted versions on-premises upgrade to the most recent release:

  • NetScaler Console & NetScaler Agent 14.1-38.53 and later releases
  • NetScaler Console & NetScaler Agent 13.1-56.18 and later releases

For users who deployed Citrix-managed NetScaler Console Service, no action needs to be taken.
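To turn the two fixed builds above into an inventory check, the following Python script parses NetScaler-style version strings (major.minor-build.buildminor) and reports whether each host is at or above the fixed build on its release line. This is an added example written for this advisory, not a tool from NetScaler or the CCB; the hostnames and version values in the sample inventory are constructed, and versions on release lines other than 14.1 and 13.1 are reported as unlisted rather than assumed safe, since the advisory names only those two lines.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed builds named in the advisory, keyed by release line (major.minor).
# Builds at or above these on the same release line contain the fix for CVE-2024-12284.
FIXED_BUILDS: Dict[Tuple[int, int], Tuple[int, int]] = {
    (14, 1): (38, 53),   # NetScaler Console & Agent 14.1-38.53 and later
    (13, 1): (56, 18),   # NetScaler Console & Agent 13.1-56.18 and later
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)-(\d+)\.(\d+)\s*$")


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Parse a NetScaler-style version string such as '14.1-38.53'.

    Returns (major, minor, build, build_minor), or None if the string
    does not match that shape.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, build, build_minor = (int(g) for g in m.groups())
    return (major, minor, build, build_minor)


def assess(version: str) -> str:
    """Classify one version string against the fixed builds from the advisory.

    'patched'    - on a listed release line, at or above the fixed build
    'vulnerable' - on a listed release line, below the fixed build
    'unlisted'   - release line not named in the advisory; consult the vendor bulletin
    'unparsable' - not a version string in the expected form
    """
    parsed = parse_version(version)
    if parsed is None:
        return "unparsable"
    major, minor, build, build_minor = parsed
    floor = FIXED_BUILDS.get((major, minor))
    if floor is None:
        return "unlisted"
    # Tuple comparison orders by build first, then build_minor.
    return "patched" if (build, build_minor) >= floor else "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> assessment for an inventory of Console/Agent versions."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and version values are made up
    # for illustration and do not come from the advisory.
    sample = {
        "console-01.example.internal": "14.1-38.53",
        "console-02.example.internal": "14.1-29.63",
        "agent-01.example.internal": "13.1-56.18",
        "agent-02.example.internal": "13.1-53.22",
        "agent-03.example.internal": "13.0-92.21",
        "agent-04.example.internal": "n/a",
    }
    for host, status in sorted(triage(sample).items()):
        print(f"{host:30} {sample[host]:>12}  {status}")
```

Feed `triage()` the output of whatever asset inventory records Console and Agent versions; anything reported as vulnerable or unlisted should be cross-checked against the Citrix bulletin linked under Sources before being closed out.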

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
