Citrix has released security updates for a high-severity security flaw affecting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.
The vulnerability, tracked as CVE-2014-12284, received a CVSS v4 score of 8.8 out of 10.0.
It has been described as a case of improper privilege management that could result in authenticated privilege escalation if the NetScaler Console Agent is deployed, allowing an attacker to perform post-compromise actions.
“The problem arises from insufficient privilege management and can be used by authenticated malicious actors to execute commands without additional authorization,” NetScaler noted.
“However, only authenticated users with existing access to the NetScaler Console can use this vulnerability, thereby limiting the threat to only authenticated users.”
The flaw affects the versions below –
- NetScaler Console 14.1 before 14.1-38.53
- NetScaler Console 13.1 before 13.1-56.18
- NetScaler Agent 14.1 before 14.1-38.53
- NetScaler Agent 13.1 before 13.1-56.18
It has been fixed in the software versions below –
- NetScaler Console 14.1-38.53 and later releases
- NetScaler Console 13.1-56.18 and later releases of 13.1
- NetScaler Agent 14.1-38.53 and later releases
- NetScaler Agent 13.1-56.18 and later releases of 13.1
“The Cloud Software Group urges customers of the NetScaler Console and the NetScaler Agent to install the relevant updated versions as soon as possible,” the company said, adding that there are no workarounds to resolve the flaw.
That said, customers who use the Citrix-managed NetScaler Console do not need to take any action.
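For teams tracking many Console and Agent installs, the fixed-build list above can be turned into a simple inventory check. The following is an added example, not code from Citrix or the original article; it assumes build strings in the hyphenated form used on this page (such as `14.1-38.53`), and the host names and sample builds are constructed.

```python
import re

# Fixed builds per release branch, taken from the list in the article.
FIXED_BUILDS = {
    (14, 1): (38, 53),
    (13, 1): (56, 18),
}
BUILD_RE = re.compile(r"(\d+)\.(\d+)-(\d+)\.(\d+)")

def parse_build(text):
    """Extract ((major, minor), (build, patch)) from e.g. '14.1-38.53'."""
    m = BUILD_RE.search(text)
    if not m:
        raise ValueError(f"no build string found in {text!r}")
    major, minor, build, patch = map(int, m.groups())
    return (major, minor), (build, patch)

def classify(text):
    """Return 'fixed', 'vulnerable' or 'unknown' for one build string."""
    try:
        branch, build = parse_build(text)
    except ValueError:
        return "unknown"
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        # Branch is not named in the article; flag it for manual review.
        return "unknown"
    # Integer tuples compare numerically, so 9.60 sorts below 56.18
    # (a plain string comparison would get this wrong).
    return "fixed" if build >= fixed else "vulnerable"

def audit(inventory):
    """Classify every host; inventory maps host name -> build string."""
    return {host: classify(build) for host, build in inventory.items()}

# Constructed sample inventory (host names and builds are made up).
SAMPLE = {
    "console-a": "14.1-38.53",
    "console-b": "14.1-29.63",
    "agent-c": "13.1-56.18",
    "agent-d": "NetScaler 13.1-9.60 build",
    "agent-e": "12.1-65.21",
    "agent-f": "unreadable",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

Hosts reported as `unknown` are on a branch the article does not list or returned an unparseable string, and need a manual check rather than being treated as safe.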