Citrix Releases Critical Updates for NetScaler Console, NetScaler Agent, and NetScaler SVM [CVE-2024-6235 and CVE-2024-6236]
CVE numbers = CVE-2024-6235 and CVE-2024-6236
Two vulnerabilities have been discovered in NetScaler Console (formerly NetScaler ADM), NetScaler SDX (SVM), and NetScaler Agent.
CVE-2024-6235, an improper authentication vulnerability with a CVSSv4 score of 9.4, could lead to the disclosure of sensitive information if an attacker gains access to the NetScaler Console IP. Additionally.
CVE-2024-6236, a denial-of-service (DoS) vulnerability with a CVSSv4 score of 7.1, could be exploited if an attacker gains access to the NetScaler Console IP, NetScaler Agent IP, or SVM IP.
The following supported version of NetScaler Console (formerly NetScaler ADM) is affected by CVE-2024-6235:
- NetScaler Console 14.1 before 14.1-25.53
The following supported versions of NetScaler Console, NetScaler Agent and NetScaler SDX (SVM) are affected by CVE-2024-6236:
- NetScaler Console 14.1 before 14.1-25.53
- NetScaler Console 13.1 before 13.1-53.22
- NetScaler Console 13.0 before 13.0-92.31
- NetScaler SDX (SVM) 14.1 before 14.1-25.53
- NetScaler SDX (SVM) 13.1 before 13.1-53.17
- NetScaler SDX (SVM) 13.0 before 13.0-92.31
- NetScaler Agent 14.1 before 14.1-25.53
- NetScaler Agent 13.1 before 13.1-53.22
- NetScaler Agent 13.0 before 13.0-92.31
Blogger at www.systemtek.co.uk