AI description
CVE-2024-6235 is a vulnerability affecting the NetScaler Console (formerly NetScaler ADM). This vulnerability, classified as an information disclosure issue, stems from improper authentication, which can allow unauthorized access to sensitive data. Specifically, it affects NetScaler Console version 14.1 before 14.1-25.53, as well as older versions 13.1 and 13.0. Successful exploitation of CVE-2024-6235 could lead to the disclosure of sensitive information, such as user credentials and configuration data. It is recommended to update NetScaler Console to the latest version to mitigate the risk.
- Description: Sensitive information disclosure in NetScaler Console
- Source: secure@citrix.com
- NVD status: Analyzed
CVSS 4.0
- Type: Secondary
- Base score: 9.4
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: CRITICAL
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-287
- Hype score: Not currently trending
Citrix has announced vulnerability information (CVE-2024-6235 and CVE-2024-6236) for its NetScaler ADC and NetScaler Gateway products.
@pocochi20250519
30 Jun 2025
During root cause analysis for the #NetScaler Console vulnerability, CVE-2024-6235, Rapid7 discovered & disclosed to the vendor 2 additional high severity vulnerabilities. Find exploitation details, remediation advice & more in a new blog: https://t.co/RhKXUbgt82 https:/
@rapid7
18 Jun 2025
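CVE-2024-6235: Citrix NetScaler Console session hijacking vulnerability can lead to a complete loss of privilege control. The vulnerability allows an unauthenticated attacker to obtain an administrator-level session ID from an internal API and use that ID to create other administrator users on the system https://t.co/m9YQo8iK1K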
@chenze654321
27 Apr 2025
CVE-2024-6235: NetScaler Console Flaw Enables Admin Access, PoC Publishes https://t.co/TyR9w4OaoK
@Dinosn
24 Apr 2025
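Rapid7 has published a PoC that uses CVE-2024-6235 (fixed in July 2024), a vulnerability in a product called NetScaler Console, to generate an administrator session ID without authentication. This is the type of vulnerability attackers tend to favor, so it gave me a scare, but only 13 publicly exposed servers could be found. https://t.co/3u9gXXZ9VW https://t.co/HjTfvIQXcS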
@nekono_naha
24 Apr 2025
CVE-2024-6235: NetScaler Console Flaw Enables Admin Access, PoC Publishes https://t.co/fJSXLS01Y0
@the_yellow_fall
24 Apr 2025
🚨 CVE-2024-6235 - critical 🚨 NetScaler Console - Sensitive Information Disclosure > Sensitive information disclosure in NetScaler Console ... 👾 https://t.co/LhkfzKo610 @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
23 Apr 2025
N-day analysis of Citrix NetScaler Console CVE-2024-6235 via Rapid7 researcher Calum Hutton: The vuln allows an unauthenticated attacker to obtain an admin-level session ID from an internal API and use this to create other admin users on the system. https://t.co/LEzbEV4ovG https:
@catc0n
22 Apr 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:citrix:netscaler_console:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9A1C950-BACE-44C1-B0D5-F00F46D280F4",
            "versionEndExcluding": "14.1-25.53",
            "versionStartIncluding": "14.1-4.42"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]