Vulnerability Details CVE-2023-6549
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read
Exploit prediction scoring system (EPSS) score
EPSS Score 0.187
EPSS Ranking 94.9%
CVSS Severity
CVSS v3 Score 8.2
Proposed Action
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Ransomware Campaign
Unknown
Products affected by CVE-2023-6549
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1-55.297
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1-55.300
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0-91.13
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0-92.19
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.159
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.164
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-49.13
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-49.15
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1
- cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1-8.50
- cpe:2.3:a:citrix:netscaler_gateway:13.0
- cpe:2.3:a:citrix:netscaler_gateway:13.0-91.13
- cpe:2.3:a:citrix:netscaler_gateway:13.0-92.19
- cpe:2.3:a:citrix:netscaler_gateway:13.1
- cpe:2.3:a:citrix:netscaler_gateway:13.1-49.13
- cpe:2.3:a:citrix:netscaler_gateway:13.1-49.15
- cpe:2.3:a:citrix:netscaler_gateway:14.1
- cpe:2.3:a:citrix:netscaler_gateway:14.1-8.50