CVE-2023-6548

MEDIUMCISA KEV

5.5

Description

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

CVE Details

CVSS v3.1 Score5.5

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorADJACENT_NETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published1/17/2024

Last Modified10/24/2025

Sourcekev

Honeypot Sightings0

CISA KEV

VendorCitrix

ProductNetScaler ADC and NetScaler Gateway

Vulnerability NameCitrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability

KEV Date Added2024-01-17

Remediation Due Date2024-01-24

Ransomware UseUnknown

Affected Products

citrix:netscaler_application_delivery_controllercitrix:netscaler_gateway

Weaknesses (CWE)

CWE-94CWE-94

References

https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549(secure@citrix.com)

https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6548(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.