CVE-2024-12284 Security Update For NetScaler Console


Cloud Software Group has released critical security updates to address a high-severity vulnerability in NetScaler Console and NetScaler Console Agent, tracked as CVE-2024-12284. The flaw allows an authenticated malicious actor to execute commands without additional authorization, and it poses a real security risk if it is not addressed promptly.

What is the CVE-2024-12284 vulnerability?

The vulnerability, CVE-2024-12284, was discovered in both the NetScaler Console and its associated NetScaler Console Agent, the components used to manage and monitor NetScaler devices and services. It stems from inadequate privilege management within these systems, which lets an attacker who already has authenticated access execute unauthorized commands.

Cloud Software Group has rated the vulnerability with a high CVSS score of 8.8, so organizations running affected versions of the software should treat it as needing immediate attention. However, the vulnerability can only be exploited by authenticated users who already have access to the NetScaler Console, which somewhat contains the risk to existing users within the network.

The Impact and Mitigation

The primary risk of CVE-2024-12284 is unauthorized command execution. While the vulnerability itself is concerning, Cloud Software Group states that the impact is somewhat mitigated for self-managed NetScaler Console deployments: organizations that have deployed the NetScaler Console Agent are less likely to be affected, because the agent acts as an additional layer of security and reduces the “blast radius” of a successful exploit.

For those running affected versions of the NetScaler Console or NetScaler Console Agent, the company has outlined specific steps to protect against the vulnerability. Cloud Software Group recommends upgrading to the latest non-vulnerable builds of NetScaler Console and NetScaler Console Agent.

The versions affected by CVE-2024-12284 are:

  • NetScaler Console & NetScaler Console Agent 14.1, prior to 14.1-38.53
  • NetScaler Console & NetScaler Console Agent 13.1, prior to 13.1-56.18

To mitigate the risk, users are strongly urged to upgrade to the following builds:

  • NetScaler Console & NetScaler Console Agent 14.1-38.53 and later releases
  • NetScaler Console & NetScaler Console Agent 13.1-56.18 and later releases
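Checking an inventory of Console and Agent builds against these thresholds is easy to script. The following Python is an added example written for this page, not a Cloud Software Group tool; it assumes builds are recorded in the `major.minor-build.sub` form used above, and the hostnames in the sample inventory are constructed.

```python
import re
from typing import Optional

# First non-vulnerable build per branch, as listed in the advisory on this page.
# Only the 14.1 and 13.1 branches are listed; other branches are reported as "not listed".
FIXED_BUILDS = {(14, 1): "14.1-38.53", (13, 1): "13.1-56.18"}

# Accepts "14.1-38.53" and the "14.1 25.53" spelling used in the telemetry section.
_BUILD_RE = re.compile(r"^\s*(\d+)\.(\d+)[- ](\d+)\.(\d+)\s*$")


def parse_build(build: str) -> Optional[tuple[int, ...]]:
    """Return (major, minor, build, sub) as ints, or None if the string is malformed."""
    m = _BUILD_RE.match(build)
    return tuple(int(x) for x in m.groups()) if m else None


def assess(build: str) -> str:
    """Classify one Console/Agent build: "affected", "fixed", "not listed" or "malformed"."""
    parsed = parse_build(build)
    if parsed is None:
        return "malformed"
    fixed = FIXED_BUILDS.get(parsed[:2])  # branch = (major, minor)
    if fixed is None:
        return "not listed"
    # Within a branch the fields compare numerically, so tuple ordering is enough.
    return "fixed" if parsed >= parse_build(fixed) else "affected"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by status so affected ones can be upgraded first."""
    groups: dict[str, list[str]] = {}
    for host, build in inventory.items():
        groups.setdefault(assess(build), []).append(host)
    return groups


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and builds are made up for illustration.
    sample = {
        "console-a": "14.1-38.53",
        "console-b": "14.1-25.53",
        "agent-c": "13.1 53.22",
        "legacy-d": "12.1-55.24",
        "typo-e": "14.1.38",
    }
    for status, hosts in sorted(triage(sample).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "not listed" run a branch the advisory does not mention and should be checked against the vendor bulletin rather than assumed safe.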

Additional Recommendations

Cloud Software Group has also published security practices that further reduce the likelihood of successful exploitation. Among them is configuring external authentication for the NetScaler Console, which strengthens the overall security of the system and makes it harder for malicious actors to obtain the authenticated access that exploiting this vulnerability requires.

In addition, the vulnerability is mainly limited to on-premises NetScaler Console deployments, as those using Citrix-managed NetScaler Console Service are not affected by CVE-2024-12284. Those customers need not take any action.

Telemetry Program Updates

As part of its ongoing security enhancements, Cloud Software Group has incorporated automatic telemetry in the latest versions of NetScaler Console. These updates, designed to provide monitoring and diagnostic data, are enabled by default in the following releases:

  • NetScaler Console on-prem: 14.1 25.53 and later
  • NetScaler Console on-prem: 13.1 53.22 and later

Furthermore, starting with NetScaler Console 13.1 57.26, the telemetry metrics profile configuration will change. This configuration, originally introduced as part of the NetScaler telemetry program, is no longer in use and will be removed automatically from managed NetScaler instances where it is present.

Conclusion

CVE-2024-12284 is a serious vulnerability affecting the NetScaler Console and its agent, with potential consequences for organizations that rely on these tools for network management. Cloud Software Group has provided clear guidance for addressing it, including upgrading to the latest versions of NetScaler Console and NetScaler Console Agent.

Organizations running affected versions of the software should act immediately to prevent exploitation. By following the recommended practices, upgrading to the fixed builds and configuring external authentication, they can protect the integrity of their NetScaler infrastructure.
