NetScaler Console, Agent and SVM Security Bulletin for CVE-2024-6235 and CVE-2024-6236

Jeff Silverman

Description of Problem

Two vulnerabilities have been discovered in NetScaler Console (formerly NetScaler ADM), NetScaler SVM, and NetScaler Agent. Details are given below.

Affected Versions

The following supported version of NetScaler Console (formerly NetScaler ADM) is affected by CVE-2024-6235:

  • NetScaler Console 14.1 before 14.1-25.53

The following supported versions of NetScaler Console, NetScaler Agent and NetScaler SVM are affected by CVE-2024-6236:

  • NetScaler Console 14.1 before 14.1-25.53
  • NetScaler Console 13.1 before 13.1-53.22
  • NetScaler Console 13.0 before 13.0-92.31
  • NetScaler SVM 14.1 before 14.1-25.53
  • NetScaler SVM 13.1 before 13.1-53.17
  • NetScaler SVM 13.0 before 13.0-92.31
  • NetScaler Agent 14.1 before 14.1-25.53
  • NetScaler Agent 13.1 before 13.1-53.22
  • NetScaler Agent 13.0 before 13.0-92.31

This bulletin only applies to the customer-managed NetScaler Console. Customers using Citrix-managed NetScaler Console Service do not need to take any action.

Summary

NetScaler Console contains the vulnerabilities listed below:


| CVE-ID | Description | Pre-Requisites | Affected Products | CWE | CVSS |
|---|---|---|---|---|---|
| CVE-2024-6235 | Sensitive information disclosure | Access to NetScaler Console IP | NetScaler Console | CWE-287: Improper Authentication | CVSS v4.0 Base Score: 9.4 |
| CVE-2024-6236 | Denial of Service | Access to NetScaler Console IP, NetScaler Agent IP, SVM IP | NetScaler Console, NetScaler Agent, NetScaler SVM | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer | CVSS v4.0 Base Score: 7.1 |

What Customers Should Do

Cloud Software Group strongly urges customers of NetScaler Console to install the relevant updated versions of NetScaler Console as soon as possible:

  • NetScaler Console 14.1-25.53 and later releases of 14.1
  • NetScaler Console 13.1-53.22 and later releases of 13.1
  • NetScaler Console 13.0-92.31 and later releases of 13.0
  • NetScaler SVM 14.1-25.53 and later releases of 14.1
  • NetScaler SVM 13.1-53.17 and later releases of 13.1
  • NetScaler SVM 13.0-92.31 and later releases of 13.0
  • NetScaler Agent 14.1-25.53 and later releases of 14.1
  • NetScaler Agent 13.1-53.22 and later releases of 13.1
  • NetScaler Agent 13.0-92.31 and later releases of 13.0

More information

https://support.citrix.com/article/CTX677998/netscaler-console-agent-and-svm-security-bulletin-for-cve20246235-and-cve20246236

For assistance from the Kraft Kennedy team, please contact us.