Citrix Authenticated Privilege Escalation Vulnerability - 20250221003

Overview

Citrix has released security updates for a high-severity vulnerability that has been discovered in NetScaler Console (formerly NetScaler ADM) and NetScaler Agent.

What is vulnerable?

Product(s) Affected	Version(s)	CVE	CVSS	Severity
NetScaler Console and NetScaler Agent	NetScaler Console 14.1 BEFORE  14.1-38.53 NetScaler Console 13.1 BEFORE  13.1-56.18 NetScaler Agent 14.1 BEFORE 14.1-38.53 NetScaler Agent 13.1 BEFORE 13.1-56.18	CVE-2024-12284	8.8	High

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):

• Citrix: https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US

Additional References

• The Hacker News: https://thehackernews.com/2025/02/citrix-releases-security-fix-for.html