← Zuruck zu CVEs
CVE-2023-6548
MEDIUMCISA KEV5.5
Beschreibung
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
CVE Details
CVSS v3.1 Bewertung5.5
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AngriffsvektorADJACENT_NETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht1/17/2024
Zuletzt geandert10/24/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerCitrix
ProduktNetScaler ADC and NetScaler Gateway
SchwachstellennameCitrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
KEV Aufnahmedatum2024-01-17
Behebungsfrist2024-01-24
Ransomware-NutzungUnknown
Betroffene Produkte
citrix:netscaler_application_delivery_controllercitrix:netscaler_gateway
Schwachen (CWE)
CWE-94CWE-94
Referenzen
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549(secure@citrix.com)
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6548(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.