CVE-2024-12284
Published: 20 February 2025
Summary
CVE-2024-12284 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Citrix NetScaler Console. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It is ranked in the top 11.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2024-12284 is an authenticated privilege escalation vulnerability affecting NetScaler Console and NetScaler Agent. Published on 2025-02-20, it carries a CVSS v3.1 base score of 8.8 (High), with vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and is associated with CWE-269 (Improper Privilege Management).
The vulnerability can be exploited over the network by an authenticated attacker holding only low privileges; attack complexity is low and no user interaction is required. Successful exploitation has high impact on all three security properties: the escalated privileges allow unauthorized access to confidential data, modification of system integrity, and disruption of availability.
Citrix has published a security bulletin addressing CVE-2024-12284 at https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US, which details mitigations and available patches for affected NetScaler Console and NetScaler Agent deployments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4641
Vulnerability details
Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.
- CWE(s): CWE-269 (Improper Privilege Management)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Directly matches authenticated privilege escalation via improper privilege management (CWE-269).
Mitigating Controls (NIST 800-53 r5)
- Directly counters CWE-269 Improper Privilege Management by enforcing least privilege, preventing low-privileged authenticated users from escalating privileges in NetScaler Console and Agent.
- Enforces approved access authorizations to block unauthorized privilege escalations attempted by authenticated low-privilege attackers over the network.
- Manages accounts to ensure privileges are properly assigned, reviewed, and revoked, mitigating flaws in privilege handling within affected NetScaler components.