Vulnerability Details CVE-2023-6548
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.115
EPSS Ranking 93.2%
CVSS Severity
CVSS v3 Score 5.5
Proposed Action
Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP.
Ransomware Campaign
Unknown
References
Products affected by CVE-2023-6548
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1-55.297
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1-55.300
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0-91.13
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0-92.19
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.159
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.164
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-49.13
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-49.15
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1-8.50
-
cpe:2.3:a:citrix:netscaler_gateway:13.0
-
cpe:2.3:a:citrix:netscaler_gateway:13.0-91.13
-
cpe:2.3:a:citrix:netscaler_gateway:13.0-92.19
-
cpe:2.3:a:citrix:netscaler_gateway:13.1
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-49.13
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-49.15
-
cpe:2.3:a:citrix:netscaler_gateway:14.1
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-8.50