CVE-2023-6548

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

Published: Jan 17, 2024
Updated: Jan 26, 2024
CVE: CVE-2023-6548
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
citrix / netscaler_gateway	13.0	13.0-92.21
citrix / netscaler_gateway	13.1	13.1-51.15
citrix / netscaler_gateway	14.1	14.1-12.35
citrix / netscaler_application_delivery_controller	12.1	12.1-55.302
citrix / netscaler_application_delivery_controller	13.1	13.1-37.176
citrix / netscaler_application_delivery_controller	13.0	13.0-92.21
citrix / netscaler_application_delivery_controller	13.1	13.1-51.15
citrix / netscaler_application_delivery_controller	14.1	14.1-12.35

https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

Vulnerability Database

289,697

CVE-2023-6548