Security Fix for NetScaler Console Privilege Escalation Vulnerability is Released by Citrix.

Feb 20, 2025 | Ravie Lakshmanan | Vulnerability / IT Security

Citrix has released security updates for a high-severity security flaw affecting NetScaler Console (previously NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.

The vulnerability, tracked as , has been given a CVSS v4 score of 8.8 out of a maximum of 10.0.

It has been described as a case of improper privilege management that could lead to authenticated privilege escalation if a NetScaler Console Agent is deployed and allows an attacker to perform post-compromise actions.

The issue is caused by inadequate privilege management, which could be exploited by an authenticated malicious actor to execute commands without additional authorization, according to NetScaler.

However, only authenticated users with existing access to the NetScaler Console can exploit this vulnerability, limiting the threat surface to only authenticated users.

The issue affects the following versions:

  • NetScaler Console 14.1 before 14.1-38.53
  • NetScaler Console 13.1 before 13.1-56.18
  • NetScaler Agent 14.1 before 14.1-38.53
  • NetScaler Agent 13.1 before 13.1-56.18

It has been fixed in the following software versions:

  • NetScaler Console 14.1-38.53 and later releases
  • NetScaler Console 13.1-56.18 and later releases of 13.1
  • NetScaler Agent 14.1-38.53 and later releases
  • NetScaler Agent 13.1-56.18 and later releases of 13.1

Cloud Software Group urges customers of NetScaler Console and NetScaler Agent to install the relevant updated versions as soon as possible, the company said, adding that there are no workarounds for the issue.

Customers who are using the Citrix-managed NetScaler Console Service are not required to take any action, however.
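
As an added example (not from Citrix or the original article), this Python sketch classifies inventory entries against the fixed builds listed above. The inventory layout, host names and function names are assumptions; release branches the article does not list are reported as unknown rather than guessed.

```python
import re

# Fixed builds per release branch, taken from the version lists in the article.
FIXED = {"14.1": (38, 53), "13.1": (56, 18)}
PRODUCTS = {"netscaler console", "netscaler agent"}
# Build strings have the form "<branch>-<build>.<patch>", e.g. "14.1-38.53".
BUILD_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")

def classify(product, build):
    """Return 'affected', 'fixed' or 'unknown' for one product/build pair."""
    if product.strip().lower() not in PRODUCTS:
        return "unknown"
    m = BUILD_RE.match(build.strip())
    if not m:
        return "unknown"
    fixed = FIXED.get(m.group(1))
    if fixed is None:
        return "unknown"  # branch not covered by the article's lists
    # Compare numerically: as strings, "9.60" would sort after "38.53".
    current = (int(m.group(2)), int(m.group(3)))
    return "fixed" if current >= fixed else "affected"

def triage(inventory):
    """Group host names by classification."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, product, build in inventory:
        result[classify(product, build)].append(host)
    return result

# Constructed sample inventory (host names and builds are made up).
SAMPLE = [
    ("console-01", "NetScaler Console", "14.1-38.53"),
    ("console-02", "NetScaler Console", "14.1-9.60"),
    ("agent-01", "NetScaler Agent", "13.1-56.17"),
    ("agent-02", "NetScaler Agent", "13.1-57.2"),
    ("console-03", "NetScaler Console", "13.0-92.21"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```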
