Cyber Posture

CVE-2024-12284

High

Published: 20 February 2025

Modified: 25 July 2025
KEV Added:
Patch:
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0424 (88.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.

Security Summary

CVE-2024-12284 is an authenticated privilege escalation vulnerability affecting NetScaler Console and NetScaler Agent. Published on 2025-02-20, it carries a CVSS v3.1 base score of 8.8 (High), with vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and is associated with CWE-269 (Improper Privilege Management).

The vulnerability can be exploited by an authenticated attacker with low privileges over the network, requiring low complexity and no user interaction. Successful exploitation enables high-impact consequences, including unauthorized access to confidential data, modification of system integrity, and disruption of availability through escalated privileges.

Citrix has published a security bulletin addressing CVE-2024-12284 at https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US, which details mitigations and available patches for affected NetScaler Console and NetScaler Agent deployments.

Details

CWE(s)
CWE-269, NVD-CWE-noinfo

Affected Products

citrix netscaler agent: 13.0-58.30 · 13.1-4.43 — 13.1-56.18 · 14.1-4.42 — 14.1-38.53
citrix netscaler console: 13.1, 14.1
