← Retour aux CVEs
CVE-2023-6548
MEDIUMCISA KEV5.5
Description
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
Details CVE
Score CVSS v3.15.5
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vecteur d'attaqueADJACENT_NETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie1/17/2024
Derniere modification10/24/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurCitrix
ProduitNetScaler ADC and NetScaler Gateway
Nom vulnerabiliteCitrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
Date ajout KEV2024-01-17
Date limite remediation2024-01-24
Utilise dans ransomwareUnknown
Produits affectes
citrix:netscaler_application_delivery_controllercitrix:netscaler_gateway
Faiblesses (CWE)
CWE-94CWE-94
References
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549(secure@citrix.com)
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6548(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.