
Citrix addressed NetScaler console privilege escalation flaw



Citrix addressed a high-severity privilege escalation vulnerability impacting NetScaler Console and NetScaler Agent under certain conditions.

Citrix released security updates to address a high-severity security vulnerability, tracked as CVE-2024-12284 (CVSS score of 8.8), impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent.

The vulnerability is an improper privilege management issue that could allow attackers to escalate privileges under certain conditions.

“A vulnerability has been discovered in NetScaler Console (formerly NetScaler ADM) and NetScaler Agent,” reads the advisory.

The vulnerability impacts the following supported versions:

  • NetScaler Agent 13.1 before 13.1-56.18
  • NetScaler Console 14.1 before 14.1-38.53
  • NetScaler Console 13.1 before 13.1-56.18
  • NetScaler Agent 14.1 before 14.1-38.53

The company pointed out that only authenticated users with existing access to the NetScaler Console can exploit this vulnerability.

“The issue arises due to inadequate privilege management and could be exploited by an authenticated malicious actor to execute commands without additional authorization. However, only authenticated users with existing access to the NetScaler Console can exploit this vulnerability, thereby limiting the threat surface to only authenticated users. Cloud Software Group recommends configuring external authentication for NetScaler Console as a best practice,” reads the advisory published by NetScaler. “Additionally, the potential impact on self-managed NetScaler Console is minimal because the current pre-condition of NetScaler Agent being deployed significantly reduces the blast radius.”

Cloud Software Group addressed the flaw with the release of the following versions:

  • NetScaler Console 14.1-38.53 and later releases
  • NetScaler Console 13.1-56.18 and later releases of 13.1
  • NetScaler Agent 14.1-38.53 and later releases
  • NetScaler Agent 13.1-56.18 and later releases of 13.1

Customers are advised to update to a fixed version as soon as possible, because there are no workarounds for this vulnerability.
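To check an inventory of NetScaler Console and Agent builds against the fixed builds listed above, here is an added Python example (not Citrix code and not part of the original post). The fixed-build thresholds come from the advisory; the inventory entries and hostnames are constructed, and a build on a branch the advisory does not list is reported as "unknown" rather than assumed safe.

```python
"""Compare NetScaler Console / Agent build strings against the fixed builds
for CVE-2024-12284 (13.1-56.18 and 14.1-38.53 per the advisory)."""
import re
from typing import Optional, Tuple

# Fixed builds per release branch, as listed in the advisory.
FIXED_BUILDS = {
    "NetScaler Console": {"13.1": "13.1-56.18", "14.1": "14.1-38.53"},
    "NetScaler Agent":   {"13.1": "13.1-56.18", "14.1": "14.1-38.53"},
}

# NetScaler builds look like <major>.<minor>-<build>.<revision>, e.g. 14.1-38.53
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_build(version: str) -> Tuple[int, int, int, int]:
    """Turn '14.1-38.53' into (14, 1, 38, 53); reject anything else."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {version!r}")
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def is_vulnerable(product: str, version: str) -> Optional[bool]:
    """True if the build predates the fix on its branch, False if it is fixed,
    None if the advisory lists no fixed build for that branch."""
    branch_map = FIXED_BUILDS.get(product)
    if branch_map is None:
        raise ValueError(f"unknown product: {product!r}")
    major, minor, build, rev = parse_build(version)
    fixed = branch_map.get(f"{major}.{minor}")
    if fixed is None:
        return None  # branch not covered by the advisory: do not assume safe
    return (major, minor, build, rev) < parse_build(fixed)


# Constructed sample inventory (hostname, product, build) for illustration only.
SAMPLE_INVENTORY = [
    ("console-a", "NetScaler Console", "14.1-38.53"),
    ("console-b", "NetScaler Console", "13.1-53.22"),
    ("agent-a",   "NetScaler Agent",   "14.1-34.42"),
    ("agent-b",   "NetScaler Agent",   "12.1-65.25"),
]


def triage(inventory) -> dict:
    """Return {hostname: 'vulnerable' | 'fixed' | 'unknown'} for an inventory."""
    labels = {True: "vulnerable", False: "fixed", None: "unknown"}
    return {host: labels[is_vulnerable(prod, ver)] for host, prod, ver in inventory}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```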


Pierluigi Paganini

(SecurityAffairs – hacking, NetScaler Console)