Vulnerability-Lookup

CVE-2024-12284 (GCVE-0-2024-12284)

Vulnerability from cvelistv5 – Published: 2025-02-19 23:30 – Updated: 2025-02-21 04:56

Title

Authenticated privilege escalation

Summary

Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.

Severity ?

8.8 (High)


                        
                          CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-269 - Improper Privilege Management

Assigner

Citrix

References

URL

Tags

https://support.citrix.com/s/article/CTX692579-ne…

Impacted products

Vendor

Product

Version

NetScaler

Console

Affected: 14.1 , < 38.53 (patch)
Affected: 13.1 , < 56.18 (patch)

NetScaler

Agent

Affected: 14.1 , < 38.53 (patch)
Affected: 13.1 , < 56.18 (patch)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12284",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-21T04:56:13.966Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Console",
          "vendor": "NetScaler",
          "versions": [
            {
              "lessThan": "38.53",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "56.18",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Agent",
          "vendor": "NetScaler",
          "versions": [
            {
              "lessThan": "38.53",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "56.18",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            }
          ]
        }
      ],
      "datePublic": "2025-02-18T23:27:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authenticated privilege escalation in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler Console and NetScaler Agen\u003c/span\u003et allows."
            }
          ],
          "value": "Authenticated privilege escalation in\u00a0NetScaler Console and NetScaler Agent allows."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-19T23:30:22.357Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authenticated privilege escalation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2024-12284",
    "datePublished": "2025-02-19T23:30:11.146Z",
    "dateReserved": "2024-12-05T20:44:23.593Z",
    "dateUpdated": "2025-02-21T04:56:13.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-12284\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-20T17:24:21.739016Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-20T17:24:27.297Z\"}}], \"cna\": {\"title\": \"Authenticated privilege escalation\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"NetScaler\", \"product\": \"Console\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.1\", \"lessThan\": \"38.53\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"13.1\", \"lessThan\": \"56.18\", \"versionType\": \"patch\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"NetScaler\", \"product\": \"Agent\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.1\", \"lessThan\": \"38.53\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"13.1\", \"lessThan\": \"56.18\", \"versionType\": \"patch\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-02-18T23:27:00.000Z\", \"references\": [{\"url\": \"https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Authenticated privilege escalation in\\u00a0NetScaler Console and NetScaler Agent allows.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Authenticated privilege escalation in\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eNetScaler Console and NetScaler Agen\u003c/span\u003et allows.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"shortName\": \"Citrix\", \"dateUpdated\": \"2025-02-19T23:30:22.357Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-12284\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-20T17:24:31.172Z\", \"dateReserved\": \"2024-12-05T20:44:23.593Z\", \"assignerOrgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"datePublished\": \"2025-02-19T23:30:11.146Z\", \"assignerShortName\": \"Citrix\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0142

Vulnerability from certfr_avis - Published: 2025-02-19 - Updated: 2025-02-19

De multiples vulnérabilités ont été découvertes dans les produits Citrix. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Citrix	NetScaler Console	NetScaler Console versions 13.1.x antérieures à 13.1-56.18
Citrix	Citrix Secure Access client	Citrix Secure Access client versions antérieures à 25.01.2 pour Mac
Citrix	NetScaler Console	NetScaler Console versions 14.1.x antérieures à 14.1-38.53
Citrix	NetScaler Agent	NetScaler Agent versions 13.1.x antérieures à 13.1-56.18
Citrix	NetScaler Agent	NetScaler Agent versions 14.1.x antérieures à 14.1-38.53

References

Title

Publication Time

FKIE_CVE-2024-12284

Vulnerability from fkie_nvd - Published: 2025-02-20 00:15 - Updated: 2025-07-25 19:16

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.

References

	URL	Tags
	secure@citrix.com	https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US	Vendor Advisory

Impacted products

Vendor	Product	Version
citrix	netscaler_agent	*
citrix	netscaler_agent	*
citrix	netscaler_agent	13.0-58.30
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	13.1
citrix	netscaler_console	14.1
citrix	netscaler_console	14.1
citrix	netscaler_console	14.1
citrix	netscaler_console	14.1
citrix	netscaler_console	14.1
citrix	netscaler_console	14.1
citrix	netscaler_console	14.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_agent:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "50F009DC-47A2-4366-81DF-A2F923BF93C3",
              "versionEndExcluding": "13.1-56.18",
              "versionStartIncluding": "13.1-4.43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_agent:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "EAE55DAD-34F8-4B34-855D-D13BAFD4A133",
              "versionEndExcluding": "14.1-38.53",
              "versionStartIncluding": "14.1-4.42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_agent:13.0-58.30:*:*:*:-:*:*:*",
              "matchCriteriaId": "A84CD230-F26C-4E2D-AA9C-70BB679FA896",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build12.50:*:*:*:*:*:*",
              "matchCriteriaId": "527D1878-0C2B-434F-A1D6-DF7A3D675A32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build17.42:*:*:*:*:*:*",
              "matchCriteriaId": "838758F6-D771-4D0B-A546-749106C25C22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build21.53:*:*:*:*:*:*",
              "matchCriteriaId": "DDAA78E3-0C5E-45BD-B533-D0B45D5CFB78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build24.38:*:*:*:*:*:*",
              "matchCriteriaId": "11C375C3-9D70-415D-98AE-701781ED30B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build27.62:*:*:*:*:*:*",
              "matchCriteriaId": "6B42BCE1-E54E-4200-B5DF-433CF305154E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build30.52:*:*:*:*:*:*",
              "matchCriteriaId": "9B9CF88F-C690-4E1C-8E51-7BDAA28D3666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build33.50:*:*:*:*:*:*",
              "matchCriteriaId": "6191E4B9-B834-45F2-BB15-A04D6EBAED95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build37.38:*:*:*:*:*:*",
              "matchCriteriaId": "9D9E3754-72B5-435A-ADA0-BD2FFD7F2898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build4.43:*:*:*:*:*:*",
              "matchCriteriaId": "B4F0BCBB-F395-4F00-B91C-287D39A87667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build42.47:*:*:*:*:*:*",
              "matchCriteriaId": "5ED3480C-D055-42C7-AAC1-6736606CACB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build45.61:*:*:*:*:*:*",
              "matchCriteriaId": "F8075841-E12D-4C43-A1A2-BC5E6FFB7EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build48.47:*:*:*:*:*:*",
              "matchCriteriaId": "5E907D22-46A0-4C7F-94BF-8E9C186839CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build49.13:*:*:*:*:*:*",
              "matchCriteriaId": "B20B6A3F-758D-4C7C-AAD3-619FD8FEA4C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build50.23:*:*:*:*:*:*",
              "matchCriteriaId": "B46219C9-8BA8-472C-831F-5F65310BF579",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build51.14:*:*:*:*:*:*",
              "matchCriteriaId": "A1D23E60-E279-4BB8-AEFB-44F586A72D6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build52.19:*:*:*:*:*:*",
              "matchCriteriaId": "434E5007-D75E-42F4-B1EA-F909C073F741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build53.22:*:*:*:*:*:*",
              "matchCriteriaId": "CCDB957F-D87B-489B-A1E1-478A9A0E4591",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build53.24:*:*:*:*:*:*",
              "matchCriteriaId": "F0710246-66E7-429F-93E1-1A2EB3A32225",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build54.29:*:*:*:*:*:*",
              "matchCriteriaId": "AEFD9728-312E-4E12-9B6A-1C5E0DF0851A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:13.1:build55.29:*:*:*:*:*:*",
              "matchCriteriaId": "B37F4601-7314-43AA-AEA7-FEEB29F9CCB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:14.1:build12.34:*:*:*:*:*:*",
              "matchCriteriaId": "7242C119-6545-41FF-9A0C-ECF51B52A6AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:14.1:build17.38:*:*:*:*:*:*",
              "matchCriteriaId": "B5CD7FA6-9084-457B-BEB8-38BF4CBD4743",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:14.1:build21.60:*:*:*:*:*:*",
              "matchCriteriaId": "B88BABA6-7FB7-4D9D-AAF1-78A78FFA62A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:14.1:build25.53:*:*:*:*:*:*",
              "matchCriteriaId": "E7BC70E9-5466-4A86-A21F-5AAF8BB4B1A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:14.1:build25.56:*:*:*:*:*:*",
              "matchCriteriaId": "87A64984-3867-4336-970A-ABF9F1784A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:14.1:build29.63:*:*:*:*:*:*",
              "matchCriteriaId": "D6D997DC-A4E6-4D96-AA19-70186C4681DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_console:14.1:build34.43:*:*:*:*:*:*",
              "matchCriteriaId": "A2FA3D8F-AE48-4A08-8305-82E28F9F1055",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated privilege escalation in\u00a0NetScaler Console and NetScaler Agent allows."
    },
    {
      "lang": "es",
      "value": "La escalada de privilegios autenticado en NetScaler Console and NetScaler Agent permiten."
    }
  ],
  "id": "CVE-2024-12284",
  "lastModified": "2025-07-25T19:16:00.603",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "NONE",
          "attackVector": "ADJACENT",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "secure@citrix.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-20T00:15:19.360",
  "references": [
    {
      "source": "secure@citrix.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US"
    }
  ],
  "sourceIdentifier": "secure@citrix.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "secure@citrix.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-4G7P-889H-QVWW

Vulnerability from github – Published: 2025-02-20 00:32 – Updated: 2025-07-25 21:33

Details

Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 (High)


                  
                    CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-12284"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-20T00:15:19Z",
    "severity": "HIGH"
  },
  "details": "Authenticated privilege escalation in\u00a0NetScaler Console and NetScaler Agent allows.",
  "id": "GHSA-4g7p-889h-qvww",
  "modified": "2025-07-25T21:33:46Z",
  "published": "2025-02-20T00:32:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12284"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2024-12284

Vulnerability from fstec - Published: 18.02.2025

Title

Уязвимость службы управления доставкой приложений NetScaler Console и агента NetScaler Agent, связанная с небезопасным управлением привилегиями, позволяющая нарушителю повысить свои привилегии

Description

Уязвимость службы управления доставкой приложений NetScaler Console и агента NetScaler Agent связана с небезопасным управлением привилегиями. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии

Severity ?


                    
                      AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H


                    
                      AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Vendor

Citrix Systems Inc.

Software Name

NetScaler Console, NetScaler Agent

Software Version

от 14.1 до 14.1-38.53 (NetScaler Console), от 13.1 до 13.1-56.18 (NetScaler Console), от 14.1 до 14.1-38.53 (NetScaler Agent), от 13.1 до 13.1-56.18 (NetScaler Agent)

Possible Mitigations

Использование рекомендаций: https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US

Reference

https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US

CWE

CWE-269

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": "AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Citrix Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 14.1 \u0434\u043e 14.1-38.53 (NetScaler Console), \u043e\u0442 13.1 \u0434\u043e 13.1-56.18 (NetScaler Console), \u043e\u0442 14.1 \u0434\u043e 14.1-38.53 (NetScaler Agent), \u043e\u0442 13.1 \u0434\u043e 13.1-56.18 (NetScaler Agent)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "18.02.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.02.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.02.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-01961",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-12284",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "NetScaler Console, NetScaler Agent",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u043b\u0443\u0436\u0431\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u043e\u0439 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 NetScaler Console \u0438 \u0430\u0433\u0435\u043d\u0442\u0430 NetScaler Agent, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 (CWE-269)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u043b\u0443\u0436\u0431\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u043e\u0439 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 NetScaler Console \u0438 \u0430\u0433\u0435\u043d\u0442\u0430 NetScaler Agent \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-269",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-12284 (GCVE-0-2024-12284)

CERTFR-2025-AVI-0142

Solutions

FKIE_CVE-2024-12284

GHSA-4G7P-889H-QVWW

CVE-2024-12284

Tags

Sightings

Nomenclature