{"id":1547302,"date":"2025-02-20T04:51:57","date_gmt":"2025-02-20T06:51:57","guid":{"rendered":"https:\/\/teknomers.com\/fr\/citrix-libere-une-correction-de-securite-pour-la-vulnerabilite-descalade-du-privilege-de-console-netscaler\/"},"modified":"2025-02-20T04:52:02","modified_gmt":"2025-02-20T06:52:02","slug":"citrix-libere-une-correction-de-securite-pour-la-vulnerabilite-descalade-du-privilege-de-console-netscaler","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/citrix-libere-une-correction-de-securite-pour-la-vulnerabilite-descalade-du-privilege-de-console-netscaler\/","title":{"rendered":"Citrix lib\u00e8re une correction de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 d&#8217;escalade du privil\u00e8ge de console NetScaler"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">20 f\u00e9vrier 2025<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Vuln\u00e9rabilit\u00e9 \/ s\u00e9curit\u00e9 informatique<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/02\/Citrix-libere-une-correction-de-securite-pour-la-vulnerabilite-descalade.jpg\" style=\"clear: left; display: block; float: left;  text-align: center;\"><\/a><\/div>\n<p>Citrix a publi\u00e9 des mises \u00e0 jour de s\u00e9curit\u00e9 pour un d\u00e9faut de s\u00e9curit\u00e9 \u00e0 haute s\u00e9v\u00e9rit\u00e9 ayant un impact sur la console NetScaler (anciennement Netcaler ADM) et l&#8217;agent Netscaler qui pourraient conduire \u00e0 une escalade de privil\u00e8ges dans certaines conditions.<\/p>\n<p>La vuln\u00e9rabilit\u00e9, suivie comme <strong><a rel=\"noopener nofollow\" href=\"https:\/\/support.citrix.com\/s\/article\/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US\" target=\"_blank\">CVE-2024-12284<\/a><\/strong>a re\u00e7u un score CVSS V4 de 8,8 sur un maximum de 10,0<\/p>\n<p>Il a \u00e9t\u00e9 d\u00e9crit comme un cas d&#8217;une mauvaise gestion des privil\u00e8ges qui pourrait entra\u00eener une escalade de privil\u00e8ges authentifi\u00e9e si l&#8217;agent de console NetScaler est d\u00e9ploy\u00e9 et permet \u00e0 un attaquant d&#8217;ex\u00e9cuter des actions post-compromis.<\/p>\n<p>&#8220;La question se pose en raison d&#8217;une gestion inad\u00e9quate des privil\u00e8ges et pourrait \u00eatre exploit\u00e9e par un acteur malveillant authentifi\u00e9 pour ex\u00e9cuter des commandes sans autorisation suppl\u00e9mentaire&#8221;, netscaler <a rel=\"noopener nofollow\" href=\"https:\/\/www.netscaler.com\/blog\/news\/cve-2024-12284-high-severity-security-update-for-netscaler-console\/\" target=\"_blank\">not\u00e9<\/a>.<\/p>\n<p>&#8220;Cependant, seuls les utilisateurs authentifi\u00e9s ayant un acc\u00e8s existant \u00e0 la console NetScaler peuvent exploiter cette vuln\u00e9rabilit\u00e9, limitant ainsi la surface de la menace aux utilisateurs authentifi\u00e9s.&#8221;<\/p>\n<div class=\"dog_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener sponsored\" href=\"https:\/\/thehackernews.uk\/encrypted-attacks-report-d\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybers\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/02\/Meta-confirme-lattaque-de-logiciels-spyware-zero-clique.jpg\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>La lacune affecte les versions ci-dessous &#8211;<\/p>\n<ul>\n<li>Console NetScaler 14.1 avant 14.1-38.53<\/li>\n<li>Console NetScaler 13.1 avant 13.1-56.18<\/li>\n<li>Agent NetScaler 14.1 avant 14.1-38.53<\/li>\n<li>Agent NetScaler 13.1 avant 13.1-56.18<\/li>\n<\/ul>\n<p>Il a \u00e9t\u00e9 corrig\u00e9 dans les versions ci-dessous du logiciel &#8211;<\/p>\n<ul>\n<li>Console NetScaler 14.1-38.53 et versions ult\u00e9rieures <\/li>\n<li>Console NetScaler 13.1-56.18 et versions ult\u00e9rieures de 13.1<\/li>\n<li>Agent NetScaler 14.1-38.53 et versions ult\u00e9rieures <\/li>\n<li>Agent NetScaler 13.1-56.18 et versions ult\u00e9rieures de 13.1<\/li>\n<\/ul>\n<p>&#8220;Le groupe de logiciels Cloud exhorte fortement les clients de la console NetScaler et de l&#8217;agent NetScaler \u00e0 installer les versions mises \u00e0 jour pertinentes d\u00e8s que possible&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9, ajoutant qu&#8217;il n&#8217;y a pas de solution de contournement pour r\u00e9soudre le d\u00e9faut.<\/p>\n<p>Cela dit, les clients qui utilisent le service de console NetScaler g\u00e9r\u00e9 par Citrix n&#8217;ont besoin de prendre aucune mesure.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant? Suivez-nous <a rel=\"noopener nofollow\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Gazouillement <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"noopener nofollow\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">Liendin<\/a> Pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2025\/02\/citrix-releases-security-fix-for.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80220 f\u00e9vrier 2025\ue804Ravie LakshmananVuln\u00e9rabilit\u00e9 \/ s\u00e9curit\u00e9 informatique Citrix a publi\u00e9 des mises \u00e0 jour de s\u00e9curit\u00e9 pour un d\u00e9faut de s\u00e9curit\u00e9 \u00e0 haute s\u00e9v\u00e9rit\u00e9 ayant un impact sur la console NetScaler (anciennement Netcaler ADM) et l&#8217;agent Netscaler qui pourraient conduire \u00e0 une escalade de privil\u00e8ges dans certaines conditions. La vuln\u00e9rabilit\u00e9, suivie comme CVE-2024-12284a re\u00e7u un [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1547303,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[274266,274265,107138,4168,42806,29836,79002,274264,4161,274263,6124,28044,7487,274267,4160,175005,185,60973,1835,238617,246491,4172,79016,196,4166,3667,4164],"class_list":["post-1547302","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-de-piratage","tag-actualites-des-pirates","tag-citrix","tag-comment-pirater","tag-console","tag-correction","tag-cyber-security-news","tag-cyber-security-news-aujourdhui","tag-cyber-mises-a-jour","tag-cyber-nouvelles","tag-cyberattaques","tag-descalade","tag-libere","tag-malware-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-netscaler","tag-pour","tag-privilege","tag-securite","tag-securite-de-linformation","tag-securite-du-reseau","tag-securite-informatique","tag-the-hacker-news","tag-une","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1547302","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1547302"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1547302\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1547303"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1547302"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1547302"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1547302"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}