Citrix Netscaler: vulnerabilities allow privilege escalation
Citrix Netscaler Agent and Netscaler Console allow attackers to escalate their privileges. The Secure Access Client for Mac also has vulnerabilities.
(Image: created with AI in Bing Image Creator by heise online / dmk)
Citrix has discovered multiple vulnerabilities in Netscaler Agent, Netscaler Console (formerly known as Netscaler ADM) and the Secure Access Client for macOS. Attackers can use the vulnerabilities to escalate their privileges in vulnerable systems. Software updates to plug the gaps are available.
In a security announcement, Citrix warns of the vulnerabilities in Netscaler Agent and Netscaler Console. The manufacturer does not provide any details, but merely states that the vulnerability is an “authenticated privilege escalation” in both products. It is therefore of the type “improper privilege management” (CVE-2024-12284, CVSS 8.8, risk “high”). It remains unclear how attackers exploit it and how IT managers can detect attacks.
Citrix: Affected versions
Netscaler Agent and Netscaler Console 13.1 and 14.1 are affected. The updates to version 13.1-56.18 and 14.1-38.53 respectively fix the security-relevant errors. Citrix notes that only customer-managed installations that have deployed Netscaler Console and Netscaler Console Agents are affected. Citrix-managed installations have already been taken care of; customers do not need to take action there.
In another recent security announcement, Citrix also warns of security vulnerabilities in the Secure Access Client for Mac. Citrix describes both vulnerabilities as follows: “Attackers can gain access to the application to make (limited) changes and/or read arbitrary data.” One is due to a “flawed protection mechanism” (CVE-2025-1222, CVSS 5.9, medium), while the other vulnerability is due to an “uncontrolled search path element” (CVE-2025-1223, CVSS 5.9, medium).
The update to Citrix Secure Access Client for Mac 25.01.2 or a newer version closes the security gaps; Citrix advises customers to install the update as soon as possible.
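To turn the two version statements above (Netscaler Console/Agent fixed in 13.1-56.18 and 14.1-38.53; Secure Access Client for Mac fixed in 25.01.2) into a repeatable patch-status check across an inventory, here is an added example written for this page; it is not Citrix's code or tooling. It assumes version strings in the same "13.1-56.18" and "25.01.2" forms the article uses (a NetScaler's own `show version` output is formatted differently and would need its own parser), and the hostnames and build numbers in the sample inventory are constructed, not real systems.

```python
import re
from typing import List, Optional, Tuple

# Fixed builds per release line, taken from the article: builds below these
# on the same line are unpatched. Release lines not listed here are not
# covered by the advisory and are reported as such rather than guessed.
CONSOLE_FIXED_BUILDS = {
    (13, 1): (56, 18),   # 13.1-56.18
    (14, 1): (38, 53),   # 14.1-38.53
}
SECURE_ACCESS_MAC_FIXED = (25, 1, 2)   # 25.01.2

# Article-style NetScaler Console/Agent version: "<major>.<minor>-<build>.<sub>"
_NS_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)-(\d+)\.(\d+)\s*$")


def parse_netscaler_version(text: str) -> Tuple[int, int, int, int]:
    """Parse '14.1-38.53' into (14, 1, 38, 53); raise ValueError on anything else."""
    match = _NS_VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    major, minor, build, sub = (int(x) for x in match.groups())
    return major, minor, build, sub


def console_is_vulnerable(text: str) -> Optional[bool]:
    """True if a Console/Agent build predates the fix for its release line,
    False if it is at or above the fixed build, None if the line is not covered."""
    major, minor, build, sub = parse_netscaler_version(text)
    fixed = CONSOLE_FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return None
    return (build, sub) < fixed


def parse_dotted_version(text: str) -> Tuple[int, ...]:
    """Parse '25.01.2' into (25, 1, 2); leading zeros are not significant."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised dotted version string: {text!r}")
    return tuple(int(p) for p in parts)


def secure_access_mac_is_vulnerable(text: str) -> bool:
    """True if a Secure Access Client for Mac version is below 25.01.2."""
    have = parse_dotted_version(text)
    # Pad the shorter tuple with zeros so '25.2' compares as (25, 2, 0).
    width = max(len(have), len(SECURE_ACCESS_MAC_FIXED))
    have_padded = have + (0,) * (width - len(have))
    fixed_padded = SECURE_ACCESS_MAC_FIXED + (0,) * (width - len(SECURE_ACCESS_MAC_FIXED))
    return have_padded < fixed_padded


def triage(inventory: List[dict]) -> List[Tuple[str, str]]:
    """Map each inventory entry {host, product, version} to a status string."""
    labels = {True: "VULNERABLE", False: "patched", None: "not covered by advisory"}
    results = []
    for item in inventory:
        try:
            if item["product"] in ("console", "agent"):
                verdict = console_is_vulnerable(item["version"])
            elif item["product"] == "secure-access-mac":
                verdict = secure_access_mac_is_vulnerable(item["version"])
            else:
                verdict = None
        except ValueError:
            results.append((item["host"], "unparseable version"))
            continue
        results.append((item["host"], labels[verdict]))
    return results


# Constructed sample inventory (hostnames and build numbers are made up).
SAMPLE_INVENTORY = [
    {"host": "console-01.example.test", "product": "console", "version": "14.1-38.53"},
    {"host": "agent-07.example.test", "product": "agent", "version": "13.1-50.10"},
    {"host": "agent-08.example.test", "product": "agent", "version": "12.1-65.25"},
    {"host": "mac-laptop-03.example.test", "product": "secure-access-mac", "version": "24.12.5"},
    {"host": "mac-laptop-04.example.test", "product": "secure-access-mac", "version": "25.01.2"},
    {"host": "agent-09.example.test", "product": "agent", "version": "build 38.53"},
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host:30} {status}")
```

The comparison is deliberately per release line: a 13.1 build is only compared with the 13.1 fix, so 13.1-56.18 is not mistaken for "older than 14.1-38.53". Release lines the advisory does not mention come back as "not covered by advisory" rather than being silently treated as safe, which is the failure mode a naive numeric comparison would introduce.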
The advice is not unjustified: Citrix software is high on cybercriminals' list of preferred targets. In December, for example, the BSI warned that it had observed an increase in brute-force attacks on Citrix Netscaler gateways.
(dmk)