8.8
CVE-2024-12284
- EPSS 0.14%
- Published 20.02.2025 00:15:19
- Last modified 25.07.2025 19:16:00
- Source secure@citrix.com
- Teams watchlist Login
- Open Login
Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.
Data is provided by the National Vulnerability Database (NVD)
Citrix ≫ Netscaler Agent SwEdition- Version >= 13.1-4.43 < 13.1-56.18
Citrix ≫ Netscaler Agent SwEdition- Version >= 14.1-4.42 < 14.1-38.53
Citrix ≫ Netscaler Agent Version13.0-58.30 SwEdition-
Citrix ≫ Netscaler Console Version13.1 Updatebuild12.50
Citrix ≫ Netscaler Console Version13.1 Updatebuild17.42
Citrix ≫ Netscaler Console Version13.1 Updatebuild21.53
Citrix ≫ Netscaler Console Version13.1 Updatebuild24.38
Citrix ≫ Netscaler Console Version13.1 Updatebuild27.62
Citrix ≫ Netscaler Console Version13.1 Updatebuild30.52
Citrix ≫ Netscaler Console Version13.1 Updatebuild33.50
Citrix ≫ Netscaler Console Version13.1 Updatebuild37.38
Citrix ≫ Netscaler Console Version13.1 Updatebuild4.43
Citrix ≫ Netscaler Console Version13.1 Updatebuild42.47
Citrix ≫ Netscaler Console Version13.1 Updatebuild45.61
Citrix ≫ Netscaler Console Version13.1 Updatebuild48.47
Citrix ≫ Netscaler Console Version13.1 Updatebuild49.13
Citrix ≫ Netscaler Console Version13.1 Updatebuild50.23
Citrix ≫ Netscaler Console Version13.1 Updatebuild51.14
Citrix ≫ Netscaler Console Version13.1 Updatebuild52.19
Citrix ≫ Netscaler Console Version13.1 Updatebuild53.22
Citrix ≫ Netscaler Console Version13.1 Updatebuild53.24
Citrix ≫ Netscaler Console Version13.1 Updatebuild54.29
Citrix ≫ Netscaler Console Version13.1 Updatebuild55.29
Citrix ≫ Netscaler Console Version14.1 Updatebuild12.34
Citrix ≫ Netscaler Console Version14.1 Updatebuild17.38
Citrix ≫ Netscaler Console Version14.1 Updatebuild21.60
Citrix ≫ Netscaler Console Version14.1 Updatebuild25.53
Citrix ≫ Netscaler Console Version14.1 Updatebuild25.56
Citrix ≫ Netscaler Console Version14.1 Updatebuild29.63
Citrix ≫ Netscaler Console Version14.1 Updatebuild34.43
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.354 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| secure@citrix.com | 8.8 | 0 | 0 |
CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.