Vulnerability Details CVE-2023-6548
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an authenticated (low-privileged) attacker with access to the NSIP, CLIP or SNIP with management interface access to perform remote code execution on the management interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.234
EPSS Ranking 95.7%
CVSS Severity
CVSS v3 Score 5.5
Proposed Action
Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP.
Ransomware Campaign
Unknown
Products affected by CVE-2023-6548
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1-55.297
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1-55.300
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0-91.13
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0-92.19
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.159
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.164
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-49.13
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-49.15
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1-8.50
- cpe:2.3:a:citrix:netscaler_gateway:13.0
- cpe:2.3:a:citrix:netscaler_gateway:13.0-91.13
- cpe:2.3:a:citrix:netscaler_gateway:13.0-92.19
- cpe:2.3:a:citrix:netscaler_gateway:13.1
- cpe:2.3:a:citrix:netscaler_gateway:13.1-49.13
- cpe:2.3:a:citrix:netscaler_gateway:13.1-49.15
- cpe:2.3:a:citrix:netscaler_gateway:14.1
- cpe:2.3:a:citrix:netscaler_gateway:14.1-8.50