CVE-2023-6548

MEDIUMCISA KEV

5.5

Descripcion

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

Detalles CVE

Puntuacion CVSS v3.15.5

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector de ataqueADJACENT_NETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado1/17/2024

Ultima modificacion10/24/2025

Fuentekev

Avistamientos honeypot0

CISA KEV

VendedorCitrix

ProductoNetScaler ADC and NetScaler Gateway

Nombre vulnerabilidadCitrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability

Fecha inclusion KEV2024-01-17

Fecha limite remediacion2024-01-24

Uso en ransomwareUnknown

Productos afectados

citrix:netscaler_application_delivery_controllercitrix:netscaler_gateway

Debilidades (CWE)

CWE-94CWE-94

Referencias

https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549(secure@citrix.com)

https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6548(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.