
Cloud Software Group has released a security bulletin addressing a high-severity vulnerability in its NetScaler Console and NetScaler Agent. Tracked as CVE-2024-12284, the flaw could allow authenticated attackers to execute commands without proper authorization, potentially compromising entire systems. The vulnerability has received a CVSSv4 score of 8.8.
The vulnerability stems from “inadequate privilege management,” according to the bulletin. While the flaw requires an attacker to be authenticated and have existing access to the NetScaler Console, the potential for unauthorized command execution poses a significant risk. As the bulletin states, “The issue arises due to inadequate privilege management and could be exploited by an authenticated malicious actor to execute commands without additional authorization.”
The impact of this vulnerability is primarily limited to authenticated users, reducing the attack surface. Furthermore, for self-managed NetScaler Console deployments, the presence of the NetScaler Agent further minimizes the potential damage. “Additionally, the potential impact on self-managed NetScaler Console is minimal because the current pre-condition of NetScaler Agent being deployed significantly reduces the blast radius,” the bulletin explains.
The affected versions are NetScaler Console and NetScaler Agent 14.1 before 14.1-38.53 and 13.1 before 13.1-56.18. Notably, Cloud Software Group has published no workaround or interim mitigation for this vulnerability; upgrading to the patched builds is the only remedy it offers.
The bulletin emphasizes, “if you are running the impacted versions of on-premises NetScaler Console and NetScaler Console Agent, we recommend that you upgrade your deployment.”
Users are urged to immediately upgrade their NetScaler Console and NetScaler Agent deployments to the following secure builds:
- NetScaler Console & NetScaler Agent 14.1-38.53 and later releases
- NetScaler Console & NetScaler Agent 13.1-56.18 and later releases
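For administrators reconciling an inventory against those two fixed builds, the following is an added example (not code from the bulletin or from Cloud Software Group) that parses a build string such as "14.1-38.53" and reports whether it predates the fix on its release line. It assumes build strings take the form release-build.sub as printed in the bulletin; the hostnames and the pre-fix build numbers in the sample inventory are constructed, and a release line the bulletin does not list (for example 13.0) is reported as "unlisted" rather than treated as safe, since the bulletin says nothing about it.

```python
"""Check whether a NetScaler Console / NetScaler Agent build predates the
CVE-2024-12284 fix. Fixed builds from the bulletin: 14.1-38.53 and 13.1-56.18.
The "major.minor-build.sub" string format is an assumption of this example."""
import re
from typing import Optional, Tuple

# Release line -> first fixed build, as stated in the bulletin.
FIXED_BUILDS = {
    (14, 1): (38, 53),
    (13, 1): (56, 18),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_build(version: str) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Split "14.1-38.53" into ((14, 1), (38, 53)); ValueError if malformed."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised build string: {version!r}")
    major, minor, build, sub = (int(x) for x in m.groups())
    return (major, minor), (build, sub)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the build is older than the fix on its release line,
    False if it is at or beyond the fixed build, None if the release line
    is not one the bulletin covers (no conclusion can be drawn from it)."""
    line, build = parse_build(version)
    fixed = FIXED_BUILDS.get(line)
    if fixed is None:
        return None
    # Tuple comparison orders by build first, then sub-build.
    return build < fixed


def triage(inventory):
    """Bucket (hostname, version) pairs into upgrade/patched/unlisted/malformed."""
    report = {"upgrade": [], "patched": [], "unlisted": [], "malformed": []}
    for host, version in inventory:
        try:
            verdict = is_vulnerable(version)
        except ValueError:
            report["malformed"].append(host)
            continue
        if verdict is None:
            report["unlisted"].append(host)
        elif verdict:
            report["upgrade"].append(host)
        else:
            report["patched"].append(host)
    return report


if __name__ == "__main__":
    # Constructed sample inventory; hosts and pre-fix builds are made up.
    sample = [
        ("console-a.example", "14.1-38.53"),
        ("console-b.example", "14.1-29.72"),
        ("agent-c.example", "13.1-56.18"),
        ("agent-d.example", "13.1-49.15"),
        ("agent-e.example", "13.0-92.21"),
        ("agent-f.example", "14.1"),
    ]
    for bucket, hosts in triage(sample).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed it the build strings reported by each Console and Agent; anything in the "upgrade" bucket needs one of the two fixed builds listed above, and "unlisted" entries should be checked against the bulletin directly rather than assumed clean.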
Administrators are advised to review the official Cloud Software Group security bulletin for complete details and upgrade instructions. Delaying the upgrade process could leave systems vulnerable to exploitation.