
Citrix releases critical security updates for NetScaler Console, NetScaler Agent, and NetScaler SVM

Two vulnerabilities could lead to sensitive information disclosure or DoS 



Threat details

Citrix-managed instances do not need further action

Only customer-managed NetScaler Console instances are vulnerable. Customers using Citrix-managed NetScaler Console Service do not need to take any action.


Introduction

Citrix has released a critical security bulletin addressing two vulnerabilities affecting NetScaler Console, NetScaler Agent, and NetScaler SVM.

  • CVE-2024-6235, an improper authentication vulnerability, has a CVSSv4 score of 9.4 and could lead to sensitive information disclosure if an attacker is able to reach the NetScaler Console IP.
  • CVE-2024-6236, a denial-of-service (DoS) vulnerability, has a CVSSv4 score of 7.1 and could be triggered by an attacker who is able to reach the NetScaler Console IP, NetScaler Agent IP, or SVM IP.

Proof-of-concept exploit code released for CVE-2024-6235

A proof-of-concept (PoC) exploit has been released for CVE-2024-6235. The NHS England National CSOC assesses exploitation of this vulnerability as more likely.


Threat updates

Date         Update
25 Apr 2025  Proof-of-concept exploit code released for CVE-2024-6235

Remediation advice

Affected organisations are encouraged to review Citrix Security Bulletin CTX677998 and apply the relevant updates. Both vulnerabilities require the attacker to reach the NetScaler Console, NetScaler Agent, or SVM IP, so until updates are applied, network access to those management IPs should be restricted to trusted administrative networks only.



Last edited: 25 April 2025 3:01 pm