Citrix Releases Critical Security Updates for NetScaler Console, NetScaler Agent, and NetScaler SVM
Two vulnerabilities could lead to sensitive information disclosure or DoS
Summary
Two vulnerabilities in NetScaler Console, NetScaler Agent and NetScaler SVM (CVE-2024-6235 and CVE-2024-6236) could lead to sensitive information disclosure or denial of service (DoS). A proof-of-concept exploit has been released for CVE-2024-6235.
Affected platforms
The following platforms are known to be affected (customer-managed instances only; affected versions are listed in Citrix Security Bulletin CTX677998):
- NetScaler Console
- NetScaler Agent
- NetScaler SVM
Threat details
Citrix-managed instances do not need further action
Only customer-managed NetScaler Console instances are affected. Customers using the Citrix-managed NetScaler Console Service do not need to take any action.
Introduction
Citrix has released a critical security bulletin addressing two vulnerabilities affecting NetScaler Console, NetScaler Agent, and NetScaler SVM.
- CVE-2024-6235, an improper authentication vulnerability in NetScaler Console, has a CVSSv4 score of 9.4 and could lead to sensitive information disclosure if an attacker is able to reach the NetScaler Console IP.
- CVE-2024-6236, a denial-of-service (DoS) vulnerability, has a CVSSv4 score of 7.1 and could be triggered by an attacker who is able to reach the NetScaler Console IP, NetScaler Agent IP, or SVM IP.
Proof-of-concept exploit code released for CVE-2024-6235
A proof-of-concept (PoC) exploit has been released for CVE-2024-6235. The NHS England National CSOC assesses exploitation of this vulnerability as more likely.
Threat updates
| Date | Update |
|---|---|
| 25 Apr 2025 | Proof-of-concept exploit code released for CVE-2024-6235 |
Remediation advice
Affected organisations are encouraged to review Citrix Security Bulletin CTX677998 and apply the relevant updates. Both vulnerabilities require network access to the NetScaler Console, NetScaler Agent or SVM IP, so restricting which hosts can reach these management interfaces reduces exposure until the updates are applied.
Last edited: 25 April 2025 3:01 pm